8. Cyber-Physical Solutions for Real-time Detection, Analysis and Visualization at Operational Level in Water CIs

By Gustavo Gonzalez-Granadillo, Atos Research & Innovation, Cybersecurity Laboratory, Spain | Rodrigo Diaz, Atos Research & Innovation, Cybersecurity Laboratory, Spain | Theodora Karali, Risa Sicherheitsanalysen GmbH, Xantener Straße 11, Berlin, Germany | Juan Caubet, Eurecat, Centre Tecnològic de Catalunya, IT & OT Security Unit, Spain | Ignasi Garcia-Milà, Worldsensing, Barcelona, Spain


Published: 15 Sep 2021

© 2021 Gustavo Gonzalez-Granadillo | Rodrigo Diaz | Theodora Karali | Juan Caubet | Ignasi Garcia-Milà

Abstract

Traditionally, cyber and physical security have been conceived and managed as two separate entities. Water CIs have always given more attention to physical than to cyber security. However, current sophisticated attacks are disrupting both virtual and physical network elements, giving rise to a wide range of vulnerabilities and complex cyber-physical attacks with potentially disastrous consequences. To cope with the current technological challenges, we propose an analytic platform for the real-time detection, analysis and visualization of cyber and physical security events affecting water CIs at operational levels. The platform assigns a severity value to each correlated alarm, which will guide security analysts in the decision-making process of prioritizing mitigation actions. A series of passive and active attack scenarios against the target water infrastructure is executed to analyse the mechanisms used for the detection and correlation of cyber-physical security events. Results show a promising approach for the detection of complex attacks based on cross-correlation rules and enhanced visualization techniques.