7. Strategic and Tactical Cyber-Physical Security for Critical Water Infrastructures

By Dionysios Nikolopoulos, National Technical University of Athens, 5, Iroon Polytechniou Str. Zografou, Athens, Greece | Georgios Moraitis, National Technical University of Athens, 5, Iroon Polytechniou Str. Zografou, Athens, Greece | Christos Makropoulos, National Technical University of Athens, 5, Iroon Polytechniou Str. Zografou, Athens, Greece

Downloaded: 361 times

Published: 15 Sep 2021

© 2021 Dionysios Nikolopoulos | Georgios Moraitis | Christos Makropoulos

Abstract

Critical infrastructures of the water sector are currently undergoing a digital transformation of their assets, operations and services. The tight integration of new ICT technologies for monitoring and control with the physical processes of the water sector creates a complex cyber-physical system. Efficiency and automation advantages notwithstanding, this integration exposes water systems to an expanded threat surface that includes cyber-attacks, such as hacking, unauthorized data access and Denial of Service (DoS) attacks in addition to traditional physical threats such as deliberate contamination attacks and sabotage. The surge of recent incidents that target water systems forces the sector to adopt critical infrastructure protection and cyber security policies. There is an urgent need for integrated frameworks and cyber-physical modelling tools for risk management to help water utilities identify vulnerabilities and protect critical parts of their systems, and to make their infrastructures more resilient. The Risk Analysis and Evaluation Toolkit (RAET) is such a platform, able to analyse and evaluate cyber-physical threats to water systems, currently focusing on water distribution networks. It comprises a multitude of innovative tools for fault tree analysis, threat scenario formulation, cyber-physical simulation engines (including hydraulics and quality simulators) and results visualization. In this chapter we present the context (technological and regulatory) of this cyber-physical evolution for water systems and explain both key vulnerability and main approaches to address them. We then briefly present RAET with illustrative examples. It is suggested that RAET is an innovative 'one stop shop' solution able to support risk management, strategic planning procedures and cyber-security practises for 'cyber-wise' water utilities.