Authors: Nikolopoulos D., Moraitis.G, Makropoulos C.
Book: Cyber-Physical Threat Intelligence for Critical Infrastructures Security
Issue / Pages: 159-187
Publisher: Now Publishers
Publication Date: 2021
Title: Strategic and Tactical Cyber-Physical Security for Critical Water Infrastructures
ABSTRACT
Critical infrastructures of the water sector are currently undergoing a digital transformation of their assets, operations, and services. The tight integration of new ICT technologies for monitoring and control with the physical processes of the water sector creates a complex cyber-physical system. Efficiency and automation advantages notwithstanding, this integration exposes water systems to an expanded threat surface that includes cyberattacks, such as hacking, unauthorized data access, and Denial of Service (DoS) attacks in addition to traditional physical threats such as deliberate contamination attacks and sabotage. The surge of recent incidents that target water systems forces the sector to adopt critical infrastructure protection and cybersecurity policies. There is an urgent need for integrated frameworks and cyber-physical modeling tools for risk management to help water utilities identify vulnerabilities and protect critical parts of their systems, and to make their infrastructures more resilient.
The Risk Analysis and Evaluation Toolkit (RAET) is such a platform, able to analyze and evaluate cyber-physical threats to water systems, currently focusing on water distribution networks. It comprises a multitude of innovative tools for fault tree analysis, threat scenario formulation, cyber-physical simulation engines (including hydraulics and quality simulators) and results visualization. In this chapter we present the context (technological and regulatory) of this cyber-physical evolution for water systems and explain both key vulnerability and main approaches to address them. We then briefly present RAET with illustrative examples. It is suggested that RAET is an innovative “one stop shop” solution able to support risk management, strategic planning procedures, and cyber-security practices for “cyber-wise” water utilities.
