A Review of Cybersecurity Incidents in the Water Sector

Hassanzadeh, Amin; Rasekh, Amin; Galelli, Stefano; Aghashahi, Mohsen; Taormina, Riccardo; Ostfeld, Avi; Banks, Katherine

doi:10.1061/(asce)ee.1943-7870.0001686

Cited by 121 publications

(81 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Water utilities face unprecedented pressures and complexity in their decision-making as a result population growth and challenges related to climate change such as heavy rainfall and drought periods. Further, an increasingly automated and interconnected world creates new sources of vulnerability, such as cyber-attacks to their automated system management [104,105] or the increasing likelihood of failure propagation through multiple, urban infrastructures [106]. However, digitalisation and interconnectivity also bring solutions to the challenges faced by a water utility today.…”

Section: Emergent Paradigm Of Digital Water and Future Research Direcmentioning

confidence: 99%

Overview of Energy Management and Leakage Control Systems for Smart Water Grids and Digital Water

et al. 2020

View full text Add to dashboard Cite

Current and future smart cities are moving towards the zero-net energy use concept. To this end, the built environment should also be designed for efficient energy use and play a significant role in the production of such energy. At present, this is achieved by focusing on energy demand in buildings and to the renewable trade-off related to smart power grids. However, urban water distribution systems constantly carry an excess of hydraulic energy that can potentially be recovered to produce electricity. This paper presents a comprehensive review of current strategies for energy production by reviewing the state-of-the-art of smart water systems. New technologies (such as cyber-physical systems, digital twins, blockchain) and new methodologies (network dynamics, geometric deep learning) associated with digital water are also discussed. The paper then focuses on modelling the installation of both micro-turbines and pumps as turbines, instead of/together with pressure reduction valves, to further demonstrate the energy-recovery methods which will enable water network partitioning into district metered areas. The associated benefits on leakage control, as a source of energy, and for contributing to overall network resilience are also highlighted. The paper concludes by presenting future research directions. Notably, digital water is proposed as the main research and operational direction for current and future Water Distribution Systems (WDS) and as a holistic, data-centred framework for the operation and management of water networks.

show abstract

Section: Emergent Paradigm Of Digital Water and Future Research Direcmentioning

confidence: 99%

Overview of Energy Management and Leakage Control Systems for Smart Water Grids and Digital Water

et al. 2020

View full text Add to dashboard Cite

show abstract

“…A recent study presented a review of fifteen cybersecurity incidents in the water and wastewater sector covering a wide variety of vulnerabilities and situations from the Maroochy Shire Sewage Treatment Plant insider attack in 2001 to the Riviera Beach Water Utility ransomware attack in 2019 [9]. The study found that the sheer diversity of the systems, attackers, and consequences associated with the incidents indicate a need for inclusive and comprehensive vulnerability assessments, as well as risk mitigation, preparedness, response, and recovery studies that account for such extreme heterogeneity.…”

Section: Emerging Cyber Security Needs In the Water Industrymentioning

confidence: 99%

Water Industry Cyber Security Human Resources and Training Needs

Skiba¹

2020

IJEM

View full text Add to dashboard Cite

Cyber-attacks are a growing and persistent threat to water infrastructure, including drinking water and wastewater systems. Water infrastructure uses a number of technical control systems to manage and track infrastructure properties, including hardware and software, such as monitoring and data acquisition systems, process control systems, and other devices, such as programmable logic controllers, that control data gathering equipment and information technology. As these systems become more connected to corporate systems and the internet, security approaches are needed equally across both the control system and the corporate network infrastructure, as there are many potential entry points for cyber attackers to exploit to these systems. These cyber-attacks occur on water infrastructure worldwide and water providers, in order to reduce the risks, need to identify control system asset security vulnerabilities and design, build and maintain a security architecture proportionate to the risk. Human resources are fundamental to these cybersecurity systems and the required emerging job roles require industry specific definition. This paper provides definition on the roles and responsibilities for control system security governance, particularly from the perspective of skills and knowledge and training requirements with a view to addressing leading industry security standards for control systems and practices.

show abstract

“…For instance, the Iranian Revolutionary Guard are said to have attacked the Bowman Avenue Dam in New York state, gaining control of the command and control system, with the ability to produce kinetic effects on the water system. While the flood gates were offline for maintenance and were therefore not accessible within the attack, this was fortuitous and demonstrates how vulnerable systems may actually be [23]. The 2016 attack on the "Kemuri" water plant (a pseudonym given to the plant), attributed to political hackers affiliated to Syria, gained control the levels of chemicals used within the water system, as well as retrieving large quantities of personal customer data [24].…”

Section: Cyber-attacks On Water Networkmentioning

confidence: 99%

“…In yet another, in 2019, governmental services, including water, in Florida were targeted in a ransomware attack. The attack compromised Riviera Beach Water Utility's computer systems, preventing them from using their pumping stations, water quality testing functions and their payment operations [23].…”

Section: Cyber-attacks On Water Networkmentioning

confidence: 99%

Balancing Innovation and Vulnerability: Water Security in an Age of Cyber-Warfare

Petersen

Wieltschnig

2020

WIT Transactions on Ecology and the Environment

View full text Add to dashboard Cite

Through technological and organisational innovations, water services are increasingly finding new pathways to reduce water insecurity. For instance, the real-time detection of water pollution through the deployment of novel sensors can mitigate contamination problems before they become widespread. While these tools open up new forms of water security, they simultaneously create new forms of vulnerability as the connectivity and digitalisation of these infrastructures create remote pathways to control water system behaviours. The cyber-warfare capabilities of state and non-state actors are becoming increasingly sophisticated, and attacks have successfully infiltrated water systems with worrying potential. Indeed, in 2018, the US Department of Homeland Security and Federal Bureau of Investigations highlighted the threat of cyber-attacks from hostile countries on water systems, demonstrating the very real nature of these threats. This paper assesses the vulnerabilities arising from increasing interconnectivity and digitalisation in water infrastructures, paying particular attention to demographics at risk of insecurity. The paper starts by reviewing cyber-warfare practices relating to infrastructure, including their increasing frequency and sophistication. This is overlaid with a current demographic understanding of water insecurity and potential vulnerabilities to cyber-attack to identify what intersectionalities appear as new threats emerge. The paper then explores the necessary structure and value of ethical impact assessments in the design of innovative technology and practices in the water sector. In order to foster sensitivity to vulnerabilities and create avenues for incorporating scalable preventative and mitigating measures into design, a practical framework (in the form of a list of questions) is outlined. This paper finds that our understanding of water insecurity must adapt to the challenges posed by cyber-attacks. Sensitivity to the existence of these threats must be fostered and a practical framework developed to attune stakeholders to cyber-threats and assist those engaged with new technologies in the water sector.

show abstract

A Review of Cybersecurity Incidents in the Water Sector

Cited by 121 publications

References 17 publications

Overview of Energy Management and Leakage Control Systems for Smart Water Grids and Digital Water

Overview of Energy Management and Leakage Control Systems for Smart Water Grids and Digital Water

Water Industry Cyber Security Human Resources and Training Needs

Balancing Innovation and Vulnerability: Water Security in an Age of Cyber-Warfare

Contact Info

Product

Resources

About