Water plant’s missteps illustrates need for critical infrastructure security controls