Protecting water and wastewater infrastructure from cyber attacks
Multiple organizations over the years have collected and analyzed data on cyber attacks, and they all agree on one conclusion: cyber attacks are real and can cause significant damage. This paper presents some recent statistics on cyber attacks and the resulting damage. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks.
The water and wastewater industry faces many unique challenges when selecting and implementing security countermeasures. The key challenges are: 1) the increasing interconnection of business and control system networks, 2) the large variation in the proprietary industrial control equipment utilized, 3) the multitude of cross-sector cyber-security standards, and 4) the differences in equipment vendors' approaches to meeting these security standards. Utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking the countermeasures that best meet their security and organizational requirements.
Utilities should make optimal use of their limited resources to prepare and implement the programs needed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive; substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets, reducing their dependence upon capital improvement programs to achieve improvements in cyber-security.
Keywords: wastewater infrastructure, protecting water, cyber attacks