Abstract
Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks.
Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor’s approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements.
Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abrams M, Weiss J (2008). Malicious control system cyber security attack case study—Maroochy water services. The MITRE Corporation, July 23, 2008. Available at: http://www.mitre.org/work/ tech_papers/tech_papers_08/08_1145/08_1145.pdf
ISO/IEC 27002 (2005). Information Technology-Security Techniques —Code of Practice for Information Security Management (Redesignated from ISO/IEC 17799:2005 in 2007). Weissman O (Germany) Plate A (UK), eds. International Organization for Standardization, Geneva, Switzerland, 2007
Panguluri S, Phillips W R Jr, Ellis P (2011). Handbook of Water and Wastewater Systems Protection, Chapter 16-Cyber Security: Protecting Water and Wastewater Infrastructure. Clark R M, et al. eds. Springer Science_Business Media, LLC 2011
PBS (2004). Frontline program titled “Cyber War!” Airdate: April 24, 2003, http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/
Phillips W R Jr (2009a). Typical water/wastewater utility’s business and SCADA infrastructure and network connectivity. Copyright 2009 by CH2M Hill. Reprinted with Permission
Phillips W R Jr (2009b). SCADA network attack scenario. Copyright 2009 by CH2M Hill. Reprinted with Permission
Phillips W R Jr (2009c). Example DMZ application to improve security. Copyright 2009 by CH2M Hill. Reprinted with Permission
President’s Commission on Critical Infrastructure Protection (PCCIP) (1997). Critical Foundations: Protecting America’s Infrastructures. The Report of the President’s Commission on Critical Infrastructure Protection, October 1997
Repository for Industrial Security Incidents (RISI) (2010). Annual Report on Cyber Security Incidents Affecting Industrial Control Systems—Annual Report 2010. Available from RISI at: http://www.securityincidents.org
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Panguluri, S., Phillips, W. & Cusimano, J. Protecting water and wastewater infrastructure from cyber attacks. Front. Earth Sci. 5, 406–413 (2011). https://doi.org/10.1007/s11707-011-0199-5
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11707-011-0199-5