Abstract

Traditionally, cyber and physical security have been conceived and managed as two separate entities. Water CIs have always given more attention to physical than cyber security. However, current sophisticated attacks are disrupting both virtual and physical network elements, giving rise to a wide number of vulnerabilities and complex cyber-physical attacks with potential disastrous consequences. In order to cope with the current technological challenges, we propose an analytic platform for the real-time detection, analysis and visualization of Cyber and Physical security events affecting water CIs at operational levels. The platform assigns severity values to each correlated alarm that will guide security analysts in the decision-making process of prioritizing mitigation actions. A series of passive and active attack scenarios against the target water infrastructure are executed to analyse the mechanisms used for the detection and correlation of cyber-physical security events. Results show a promising approach for the detection of complex attacks based on cross-correlation rules and enhanced visualization techniques.