In this post, Ross answers “How can we best integrate CMOM (Capacity, Management, Operations, and Maintenance) into both asset management and fiscal sustainability plan?”
He also shared briefly his thoughts on cyber security application in infrastructure asset management.
Capacity, Management, Operations and Maintenance
Ross said that clearly, what you’re talking about there is a part of the risk management section of your asset management plan, that sort of analysis. And also it can fit into your levels of service.
Coming back to the West Virginia example, you might have had a look at that risk ahead and said, hey we’ve got a contamination barrier risk in our water source, if we get that sort of incident.
So, you might put some extra filters or some sort of shut off system or something like that. So that becomes a level of service gap that you would then need some new capital to address and things like that.
I’m just going up a page on this diagram – so when you do that sort of analysis, you spot your gaps between your levels of service or your risks and then that feeds into your life cycle management which, can include capital expenditure to address that.
Back in New Zealand, all utilities are required to have what’s called a Water Safety Plan. It’s more of around the barriers to contamination than it is around bad people doing bad things.
But you got to work your way through. How can your supply get contaminated? Do you have enough barriers, or sufficient systems in place to address that?
That’s a mandated requirement and government agencies check on that, everybody has to have them signed off every so often.
And so they feed into our level of service and through that into your life cycle management.
Don’t forget cyber security risk
The only other thing I’d say, when you’re looking at these sorts of risks is don’t forget about cyber risks.
More and more of your process control instrumentation now is capable of being hooked up the internet.
It’s very convenient to do that because you’ll get the signals and stuff back to your office or back to your control center.
The thing I would say to my clients is just make sure you’ve got some gateways or some one-way traffic so that nobody can come the other way and get into them and start meddling with your control programs.
That would be frustrating in the extreme and also could be potentially quite dangerous. It’s just thinking through your cyber security and stuff that’s hooked up to the internet that has real world actions.
Particularly control systems, you need to make sure you got them really locked down so that nobody can get at them through gateways or one-way passage or those sorts of things.
So this fits into your risk section and it can fit into your levels of service and then that feeds into your life cycle management.