Muhammad Muzamil Aslam,Ali Tufail,Ki-Hyung Kim,Rosyzie Anna Awg Haji Mohd Apong,Muhammad Taqi Raza

DOI: https://doi.org/10.3390/s23187999

IF: 3.9

2023-09-21

Sensors

Abstract:In recent years, the Internet of Things (IoT) has had a big impact on both industry and academia. Its profound impact is particularly felt in the industrial sector, where the Industrial Internet of Things (IIoT), also known as Industry 4.0, is revolutionizing manufacturing and production through the fusion of cutting-edge technologies and network-embedded sensing devices. The IIoT revolutionizes several industries, including crucial ones such as oil and gas, water purification and distribution, energy, and chemicals, by integrating information technology (IT) with industrial control and automation systems. Water, a vital resource for life, is a symbol of the advancement of technology, yet knowledge of potential cyberattacks and their catastrophic effects on water treatment facilities is still insufficient. Even seemingly insignificant errors can have serious consequences, such as aberrant pH values or fluctuations in the concentration of hydrochloric acid (HCI) in water, which can result in fatalities or serious diseases. The water purification and distribution industry has been the target of numerous hostile cyber security attacks, some of which have been identified, revealed, and documented in this paper. Our goal is to understand the range of security threats that are present in this industry. Through the lens of IIoT, the survey provides a technical investigation that covers attack models, actual cases of cyber intrusions in the water sector, a range of security difficulties encountered, and preventative security solutions. We also explore upcoming perspectives, illuminating the predicted advancements and orientations in this dynamic subject. For industrial practitioners and aspiring scholars alike, our work is a useful, enlightening, and current resource. We want to promote a thorough grasp of the cybersecurity landscape in the water industry by combining key insights and igniting group efforts toward a safe and dependable digital future.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Amin Hassanzadeh,Amin Rasekh,Stefano Galelli,Mohsen Aghashahi,Riccardo Taormina,Avi Ostfeld,Katherine Banks

DOI: https://doi.org/10.1061/%28ASCE%29EE.1943-7870.0001686

2020-07-25

Abstract:This study presents a critical review of disclosed, documented, and malicious cybersecurity incidents in the water sector to inform safeguarding efforts against cybersecurity threats. The review is presented within a technical context of industrial control system architectures, attack-defense models, and security solutions. Fifteen incidents were selected and analyzed through a search strategy that included a variety of public information sources ranging from federal investigation reports to scientific papers. For each individual incident, the situation, response, remediation, and lessons learned were compiled and described. The findings of this review indicate an increase in the frequency, diversity, and complexity of cyberthreats to the water sector. Although the emergence of new threats, such as ransomware or cryptojacking, was found, a recurrence of similar vulnerabilities and threats, such as insider threats, was also evident, emphasizing the need for an adaptive, cooperative, and comprehensive approach to water cyberdefense.

Cryptography and Security

Fatai Adeshina Adelani,Tosin Michael Olatunde,Johnson Sunday Oliha

DOI: https://doi.org/10.53294/ijfetr.2024.6.2.0029

2024-04-30

International Journal of Frontiers in Engineering and Technology Research

Abstract:This review paper examines the theoretical perspectives on cybersecurity challenges facing critical water infrastructure, with a focus on comparative insights from Africa and the United States. By exploring foundational theories of risk management, resilience, and deterrence, the paper delineates how these concepts are applied and adapted to address the cybersecurity needs of critical water systems within the distinct contexts of the two regions. The analysis identifies common challenges such as malware attacks, system vulnerabilities, human factors, and how regional differences influence technological infrastructure, regulatory environments, and cyber threat landscapes. Through a comparative analysis, the paper highlights lessons learned and best practices from both regions, emphasizing the importance of capacity building, comprehensive risk management, and the role of public-private partnerships. The paper concludes with a call for future research to develop adaptable theoretical models that address different regions' unique cybersecurity challenges, underlining theoretical understanding's critical role in enhancing the global resilience of critical water infrastructure against cyber threats.

Ola Michalec,Sveta Milyaeva,Awais Rashid

DOI: https://doi.org/10.1111/rego.12423

2021-06-30

Abstract:<p>Developments in improved monitoring, asset management, and resource efficiencies led to the water industry promising a step-change in the design and operation of these facilities: the "blending" of traditional engineering equipment with digital technologies. These apparent benefits inevitably produce new challenges of regulating an emerging techno-political landscape. One of the regulations is Europe's Network and Information Systems Security Directive, which aims to improve cyber security across critical infrastructure providers. This paper focuses on the implementation of Network and Information Systems in the context of the water sector in England. At the national and supranational levels, Network and Information Systems acts as a boundary object that gathers diverse communities of practice without the need to establish common goals. Further, in the process of transposing the Directive into the sectoral context, Network and Information Systems requires interpretation by expert communities. We show how translating the regulatory scope to the sectoral landscape involves prioritizing some water governance goals over others. As diverse expert communities converge in their collaboration practices, their priorities align or stand in tension with public interests. We argue that cyber security regulations have potential to reconfigure water governance by refocusing strategic priorities away from traditional concerns of environmental governance. We suggest ways to maintain diverse collaborations across engineering, computing, and water expertise that Network and Information Systems implementation remains aligned with the goals of water governance.</p>

public administration,political science,law

David G. Schmale,Andrew P. Ault,Walid Saad,Durelle T. Scott,Judy A. Westrick

DOI: https://doi.org/10.3389/fbioe.2019.00128

IF: 5.7

2019-06-04

Frontiers in Bioengineering and Biotechnology

Abstract:Harmful Algal Blooms (HABs) have been observed in all 50 states in the U.S., ranging from large freshwater lakes, such as the Great Lakes, to smaller inland lakes, rivers, and reservoirs, as well as marine coastal areas and estuaries. In 2014, a HAB on Lake Erie containing microcystin (a liver toxin) contaminated the municipal water supply in Toledo, Ohio, providing non-potable water to 400,000 people. Studying HABs is complicated as different cyanobacteria produce a range of toxins that impact human health, such as microcystins, saxitoxin, anatoxin-a, and cylindrospermopsin. HABs may be increasing in prevalence with rising temperatures and higher nutrient runoff. Consequently, new tools and technology are needed to rapidly detect, characterize, and respond to HABs that threaten our water security. A framework is needed to understand cyber threats to new and existing technologies that monitor and forecast our water quality. To properly detect, assess, and mitigate security threats on water infrastructure, it is necessary to envision water security from the perspective of a cyber-physical system (CPS). In doing so, we can evaluate risks and research needs for cyber attacks on HAB-monitoring networks including data injection attacks, automated system hijacking attacks, node forgery attacks, and attacks on learning algorithms. Herein, we provide perspectives on the research needed to understand both the threats posed by HABs and the coupled cyber threats to water security in the context of HABs.

multidisciplinary sciences

Hajar Hameed Addeen,Yang Xiao,Jiacheng Li,Mohsen Guizani

DOI: https://doi.org/10.1109/access.2021.3095713

IF: 3.9

2021-01-01

IEEE Access

Abstract:Modern technologies empower water distribution systems (WDS) for better services in the processes of water supply, storage, distribution, and recycling. They improve real-time monitoring, automating, and managing. However, the limitations of these technologies introduce cyber-physical attacks to the WDS. The main goals of cyber-physical attacks include disrupting normal operations and tampering the critical data, which have negative impacts on the WDS. Therefore, it is vital to develop and implement solutions to increase the security of the WDS by detecting and mitigating cyber-physical attacks. Since security for WDS is relatively new, there are no surveys on this topic despite its vital importance. Therefore, in this paper, we provide a comprehensive survey for the common cyber-physical attacks and common detection mechanisms for the WDS. We compare the attacks and detection methods with emphasis on ideas, methods, evaluation results, advantages, limitations, etc. We further provide a future research direction. We realize that there are still not many research attempts in this area and we hope that this work can trigger more research activities related to the WDS.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chung‐Yi Lin,Yi‐Chen Ethan Yang,Faegheh Moazeni

DOI: https://doi.org/10.1029/2023wr034827

IF: 5.4

2024-01-05

Water Resources Research

Abstract:The rise in smart water technologies has introduced new cybersecurity vulnerabilities for water infrastructures. However, the implications of cyber‐physical attacks on the systems like urban drainage systems remain underexplored. This research delves into this gap, introducing a method to quantify flood risks in the face of cyber‐physical threats. We apply this approach to a smart stormwater system—a real‐time controlled network of pond‐conduit configurations, fitted with water level detectors and gate regulators. Our focus is on a specific cyber‐physical threat: false data injection (FDI). In FDI attacks, adversaries introduce deceptive data that mimics legitimate system noises, evading detection. Our risk assessment incorporates factors like sensor noises and weather prediction uncertainties. Findings reveal that FDIs can amplify flood risks by feeding the control system false data, leading to erroneous outflow directives. Notably, FDI attacks can reshape flood risk dynamics across different storm intensities, accentuating flood risks during less severe but more frequent storms. This study offers valuable insights for strategizing investments in smart stormwater systems, keeping cyber‐physical threats in perspective. Furthermore, our risk quantification method can be extended to other water system networks, such as irrigation channels and multi‐reservoir systems, aiding in cyber‐defense planning.

environmental sciences,water resources,limnology

Kazeem B. Adedeji,Yskandar Hamam

DOI: https://doi.org/10.3390/su12229555

IF: 3.9

2020-11-17

Sustainability

Abstract:Water supply systems are dynamic in nature, owing to the effect of climate change and consumer demand uncertainties. The operation of such a system must be managed effectively to meet up with the uncertainties, thus posing a key challenge. Unfortunately, previous information and communication technology (ICT) solutions could not provide the necessary support for applications to deal with the dynamics of the changing physical environment. Nevertheless, tremendous growth in technology offers better possibilities to enhance water supply systems’ operations. As a result, development in technology in sensing and instrumentation, communication and networking, computing and control is now jointly integrated with water supply system infrastructures to enhance the water system operations. One such technological paradigm shift is the cyber-physical system (CPS). In this paper, we present the concept of the CPS in the water system context and investigate the CPS applications to water supply system monitoring. Also, the various applications of CPSs and the application domain requirements are outlined. More importantly, research studies on its application to water system monitoring are scrutinized. As such, key challenges sounding the applications in WSSs are identified. We then outline the areas of improvement for further studies.

environmental sciences,environmental studies,green & sustainable science & technology

Fatai Adeshina Adelani,Enyinaya Stefano Okafor,Boma Sonimiteim Jacks,Olakunle Abayomi Ajala

DOI: https://doi.org/10.51594/estj.v5i3.953

2024-03-24

Engineering Science & Technology Journal

Abstract:This review paper delves into the critical realm of securing remote monitoring systems within water distribution networks, illuminating theoretical insights and practical lessons gleaned from collaborative projects between Africa and the United States. Given the pivotal role of water distribution networks in public health and safety, integrating remote monitoring systems offers substantial benefits in operational efficiency and resource management. However, this integration also introduces significant security vulnerabilities that pose risks to critical infrastructure data's integrity, availability, and confidentiality. Through a comprehensive analysis, this paper explores the multifaceted security challenges inherent in these systems, underscores the importance of robust theoretical frameworks for cybersecurity, and highlights effective security practices derived from international collaboration projects. It proposes principles for designing, implementing, and managing secure systems, emphasizing the necessity of defence-in-depth strategies, the principle of least privilege, and the critical role of continuous monitoring and adaptive response mechanisms. Furthermore, it identifies ongoing challenges and future directions for research, stressing the dynamic nature of cybersecurity threats and the potential of emerging technologies to fortify security measures. The paper advocates for sustained collaborative efforts and research to navigate the evolving landscape of security challenges in water distribution networks, ensuring their resilience against threats. Keywords: Remote Monitoring Systems, Water Distribution Security, Cybersecurity Frameworks.

Sridhar Adepu,Venkata Reddy Palleti,Gyanendra Mishra,Aditya Mathur

DOI: https://doi.org/10.48550/arXiv.1906.02279

2019-06-06

Abstract:A Cyber Physical System (CPS) consists of cyber components for computation and communication, and physical components such as sensors and actuators for process control. These components are networked and interact in a feedback loop. CPS are found in critical infrastructure such as water distribution, power grid, and mass transportation. Often these systems are vulnerable to attacks as the cyber components such as Supervisory Control and Data Acquisition workstations, Human Machine Interface and Programmable Logic Controllers are potential targets for attackers. In this work, we report a study to investigate the impact of cyber attacks on a water distribution (WADI) system. Attacks were designed to meet attacker objectives and launched on WADI using a specially designed tool. This tool enables the launch of single and multi-point attacks where the latter are designed to specifically hide one or more attacks. The outcome of the experiments led to a better understanding of attack propagation and behavior of WADI in response to the attacks as well as to the design of an attack detection mechanism for water distribution system.

Cryptography and Security,Systems and Control

Peter Hazell,Peter Novitzky,Steven van den Oord

DOI: https://doi.org/10.3389/fdata.2022.1057155

2023-01-04

Abstract:Attention is increasingly focused on the protection of water systems as critical infrastructure, including subsystems of supply, sanitation, hygiene, and management. Similarly increasing consideration is paid to the growing role and impact of data on water systems and management. We explore key challenges associated with data-driven water systems as critical infrastructure. First, we describe the status of water infrastructure as a part of national critical infrastructure. Second, as this infrastructure increasingly relies on the constant flow of data from a huge variety, quality, and complexity of sensors, we provide a descriptive framework to map in detail the particular expertise needed across data-driven water management, applied to the UK water infrastructure as our use case. Third, through the framework of Capabilities Approach (CA) we analyze the specific challenges of data-driven water management, and argue that the current predominant narratives in the water infrastructure discourse have difficulties to effectively convey existing and emerging challenges. Fourth, we further demonstrate the widening gap between infrastructure services and consumer goods, arguing for increased convergence of the utilization of consumer data, and developing open data ecosystems.

Rosemary A. Burk,Jan Kallberg

DOI: https://doi.org/10.1515/jhsem-2015-0047

2016-01-01

Journal of Homeland Security and Emergency Management

Abstract:Abstract Cyber security tends to only address the technical aspects of the information systems. The lack of considerations for environmental long-range implications of failed cyber security planning and measures, especially in the protection of critical infrastructure and industrial control systems, have created ecological risks that are to a high degree unaddressed. This study compares dam safety arrangements in the United States and Sweden. Dam safety in the United States is highly regulated in many states, but inconsistent over the nation. In Sweden dam safety is managed by self-regulation. The study investigates the weaknesses and strengths in these regulatory and institutional arrangements from a cyber security perspective. If ecological and environmental concerns were a part of the risk evaluation and risk mitigation processes for cyber security, the hazard could be limited. Successful environmentally-linked cyber defense mitigates the risk for significant damage to domestic freshwater, aquatic and adjacent terrestrial ecosystems, and protects ecosystem function.

public administration

Catherine E. Richards,Asaf Tzachor,Shahar Avin,Richard Fenner

DOI: https://doi.org/10.1038/s44221-023-00069-6

2023-05-12

Nature Water

Abstract:Artificial intelligence (AI) is increasingly proposed to address deficiencies across water systems, which currently leave about 25% of the global population without clean water, about 50% without sanitation services and about 30% without hygiene facilities. AI is poised to enhance supply insights, catchment management and emergency response, improve treatment plant and distribution network design, operation and maintenance, and advance service availability, demand management and water justice. However, proliferation of this nascent technology could trigger serious and unexpected problems, including system-wide compromise owing to design errors, malfunction and cyberattacks as well as exposures to cascading socio-ecological, water–energy–food nexus and coupled critical infrastructure failures. In response, we make three recommendations for safe and responsible deployment of AI across potable water supply and sewage disposal systems: address gaps in foundational infrastructure and digital literacy; establish institutional, software and hardware mechanisms for trustworthy AI; and prioritize applications based on our proposed systematic benefit and risk assessment framework.

Shaharyar Khan,Stuart Madnick,Stuart E Madnick

DOI: https://doi.org/10.1109/tdsc.2021.3093214

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure in a holistic fashion, leveraging the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cybersecurity analysis of industrial control systems (ICS) has not been published. This paper uses the electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – called Cybersafety – to identify and mitigate cyber-vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cybersecurity analysis for an ICS of significant size and complexity and to present the analysis in a structured format that can be emulated for larger systems with many interdependent subsystems.

computer science, information systems, software engineering, hardware & architecture

DOI: https://doi.org/10.37075/yb.2021.2.10

2021-12-28

Yearbook of UNWE

Abstract:Technical constraints in the field of transport of energy resources following the digitization are particularly relevant in the case of critical infrastructure and Industry 4.0. Since all industrial facilities, of the sector like petrochemical pipelines, expensive to build and designed without any particular form of protection against cyber-attacks, followed a plug-in approach: new technologies have been added on top of existing layers to ensure compatibility and as such became exposed to cyber-attacks. Cyberattacks on energy plants and transportation means could become the most serious threat to any country’s national security, to the impact on the population and the physical destruction of structures, usually in an extremely wide area. The paper justifies and sums up some steps that both governments and industry should follow and plan for: a) creating instruments and structures in place for conducting strategic intelligence prior to attacks on the network b) invest in designing programs that will raise the awareness of the potential threats and will map out the weak points c) boost collaboration and industry partnerships to address the increasing convergence of physical and virtual threats.

Gyan Chhipi-Shrestha,Haroon R. Mian,Saeed Mohammadiun,Manuel Rodriguez,Kasun Hewage,Rehan Sadiq

DOI: https://doi.org/10.1007/s10098-023-02477-4

IF: 4.3

2023-02-03

Clean Technologies and Environmental Policy

Abstract:Water quality deterioration in drinking water systems (i.e., system failure) causing serious outbreaks have frequently been happening around the world. These failures can be predicted through a real-time drinking water quality monitoring system for timely actions. Although Supervisory Control and Data Acquisition (SCADA) has been commonly used for this purpose, this system suffers considerable limitations, such as the scalability of sensors, lack of predictive ability, and increased burden on operators overwhelmed by superfluous notifications. Proficient artificial intelligence & soft computing (AI & SC) techniques and cloud Internet of Things (IoT) may significantly reduce the reliance on operators and eventually improve system operations. This study critically reviewed the literature published from 2000 to 2020 to evaluate AI & SC applications' trends in drinking water quality management while developing a roadmap for autonomous digital water quality management. The investigation reveals that AI & SC were primarily used for assessing drinking and surface water quality. These techniques were largely applied to effectively predict, evaluate, and control water quality. AI & SC were also used to model physicochemical (basic and complex) and microbiological parameters. The most commonly applied AI & SC techniques are the multilayer perceptron-based artificial neural network, general regression neural network, support vector machine, Bayesian networks, and the adaptive neuro-fuzzy inference system. Additional articles published after 2020 were also reviewed to compare with the measures proposed in the roadmap. This roadmap guides water utilities, policy-makers, and regulators to achieve reliable water quality in a smart and efficient manner.

environmental sciences,green & sustainable science & technology,engineering, environmental

Nataliia Neshenko,Elias Bou‐Harb,Borko Furht,Ravi Behara

DOI: https://doi.org/10.1111/risa.14209

2023-08-29

Risk Analysis

Abstract:With the continuous modernization of water plants, the risk of cyberattacks on them potentially endangers public health and the economic efficiency of water treatment and distribution. This article signifies the importance of developing improved techniques to support cyber risk management for critical water infrastructure, given an evolving threat environment. In particular, we propose a method that uniquely combines machine learning, the theory of belief functions, operational performance metrics, and dynamic visualization to provide the required granularity for attack inference, localization, and impact estimation. We illustrate how the focus on visual domain‐aware anomaly exploration leads to performance improvement, more precise anomaly localization, and effective risk prioritization. Proposed elements of the method can be used independently, supporting the exploration of various anomaly detection methods. It thus can facilitate the effective management of operational risk by providing rich context information and bridging the interpretation gap.

public, environmental & occupational health,mathematics, interdisciplinary applications,social sciences, mathematical methods

Sean O'Toole,Cameron Sewell,Hoda Mehrpouyan

DOI: https://doi.org/10.48550/arXiv.2112.08473

2021-12-15

Cryptography and Security

Abstract:Due to the critical importance of Industrial Control Systems (ICS) to the operations of cities and countries, research into the security of critical infrastructure has become increasingly relevant and necessary. As a component of both the research and application sides of smart city development, accurate and precise modeling, simulation, and verification are key parts of a robust design and development tools that provide critical assistance in the prevention, detection, and recovery from abnormal behavior in the sensors, controllers, and actuators which make up a modern ICS system. However, while these tools have potential, there is currently a need for helper-tools to assist with their setup and configuration, if they are to be utilized widely. Existing state-of-the-art tools are often technically complex and difficult to customize for any given IoT/ICS processes. This is a serious barrier to entry for most technicians, engineers, researchers, and smart city planners, while slowing down the critical aspects of safety and security verification. To remedy this issue, we take a case study of existing simulation toolkits within the field of water management and expand on existing tools and algorithms with simplistic automated retrieval functionality using a much more in-depth and usable customization interface to accelerate simulation scenario design and implementation, allowing for customization of the cyber-physical network infrastructure and cyber attack scenarios. We additionally provide a novel in-tool-assessment of network's resilience according to graph theory path diversity. Further, we lay out a roadmap for future development and application of the proposed tool, including expansions on resiliency and potential vulnerability model checking, and discuss applications of our work to other fields relevant to the design and operation of smart cities.

DOI: https://doi.org/10.54060/a2zjournals.jase.42

2024-01-01

Abstract:Due to the quick development of technology, the digital age has brought with it ad-vantages never before seen, but it has also opened the door to a flood of new cyber security concerns. This study offers detailed analysis of the cyber threat environment in the digital era along with suggestions for doable protective measures. The report outlines a number of cyber threats, including malware, phishing scams, ransomware, and insider threats. It looks at the continually evolving tactics employed by cyber-criminals, such as social engineering, zero-day flaws, and sophisticated persistent threats. The growing hazards associated with cutting-edge technology, such as the Internet of Things (IoT), cloud computing, and artificial intelligence, are also exam-ined. The importance of a multi-layered security strategy to counter these attacks is emphasized in the article. Among the important preventative measures that are presented are robust network security, secure coding methodologies, user awareness training, encryption, access controls, and incident response planning. It also high-lights how crucial it is for people, businesses, and governments to collaborate in or-der to confront cyber risks. By using the recommended solutions and promoting a culture of cyber security awareness, people and organizations may navigate the dig-ital age with confidence and protect themselves from the continuously evolving environment of cyber risks.