Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security in the Water Sector

Published byEmory Lang Modified over 7 years ago

Similar presentations

Presentation on theme: "Cyber Security in the Water Sector"— Presentation transcript:

1 Cyber Security in the Water Sector
Author: Brandon Khoury Faculty Advisor: Dr. Lingfeng Wang Electrical Engineering and Computer Science

2 Research Objectives Highlight importance of cyber security in water sector Review historical progression Intrusion path analysis Means of risk mitigation and assessment

3 Background Vital to the daily function of the general population
Small amount of water plants provide service to over three quarters of U.S. population [1] Industry mission sight includes reliable and affordable water services

4 Background cont. Industrial automation technology Components
Supervisory Control and Data Acquisition (SCADA) networks Industrial Control Systems (ICS) Components Programmable Logic Controller (PLC) Human Machine Interface (HMI) Server/Client communication protocol Network connectivity

5 Sensor/Telemetry Site Growth vs. Time
Background cont. Sensor/Telemetry Site Growth vs. Time Source: See references [5]

6 Methodology Open ended methodology Deductive Inductive
General sources/inquires lead to more specifically focused research Inductive Specific technological factor leads to hypothesis on general vulnerability Confirm with research Synthesis of data – intrusion path analysis

7 Theoretical Intrusion Path

8 Intrusion Path cont. Denial of Service (DoS) scenario
Affects integrity (ability to function correctly and detect error/malicious activity) of system components [4] Capitalizes on water sector and SCADA weaknesses Lack of resources for incident detection Intrinsically archaic network architectures Complex hacking code and lack of anti-virus software Un-encrypted communication protocol, MODBUS for example

9 Risk Mitigation Technical: Process/Organizational:
Multi-Factor Authentication Virus protection software/intrusion detection Transaction logging (MODBUS) [2] Network segmentation Process/Organizational: Maintain IT staff Risk mitigation goals Performance metrics [5] Response/disaster recovery plan [3]

10 Example of simple network segmentation architecture
Risk Mitigation cont. Example of simple network segmentation architecture

11 Conclusion Why is this important?
Water industry designed without security as a primary concern Technological advances put sector even more at risk An attack could endanger public health Inhibit primary industrial functions that required water Upgrading to adequate security is a large task Time, Money, Manpower Constant quality control

12 Questions Questions? Thank you!

13 References [1] C. Copeland and B. Cody, “Terrorism and Security Issues Facing the Water Infrastructure Sector,” Congr. Res. Serv. Rep., pp. 1–6, 2010. [2] E. J. Byres, M. Franz, and D. Miller, “The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems.” [3] S. Panguluri, W. Phillips, and P. Ellis, “Cyber Security: Protecting Water and Wastewater Infrastructure,” Handb. Water Wastewater Syst. Prot., pp. 285–318, [4] S. Amin, X. Litrico, S. Sastry, and A. M. Bayen, “Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks,” pp. 1–8, [5] Water Sector Coordinating Council Cyber Security Working Group, “Roadmap to Secure Control Systems in the Water Sector,” pp.5–37, 2008.

Download ppt "Cyber Security in the Water Sector"

Similar presentations

h Protection from cyber attacks is achieved by acting on several levels: first, at the physical and material, placing the server in a place as safe as.

h Protection from cyber attacks is achieved by acting on several levels: first, at the physical and material, placing the server in a place as safe as.
Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
02/12/00 E-Business Architecture

02/12/00 E-Business Architecture
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Cyber Threats/Security and System Security of Power Sector Workshop on Crisis & Disaster Management of Power Sector P.K.Agarwal, AGM Power System Operation.

Cyber Threats/Security and System Security of Power Sector Workshop on Crisis & Disaster Management of Power Sector P.K.Agarwal, AGM Power System Operation.
A Critical Infrastructure Testbed for Cybersecurity Research and Education Ai Onda, Kalana Pothuvila, Joseph Urban, and Jordan Berg Abstract Awareness.

A Critical Infrastructure Testbed for Cybersecurity Research and Education Ai Onda, Kalana Pothuvila, Joseph Urban, and Jordan Berg Abstract Awareness.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
GridWise ® Architecture Council Cyber-Physical System Requirements for Transactive Energy Systems Shawn A. Chandler Maseeh College of Electrical and Computer.

GridWise ® Architecture Council Cyber-Physical System Requirements for Transactive Energy Systems Shawn A. Chandler Maseeh College of Electrical and Computer.
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.

“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.
Isdefe ISXXXX-090000-1XX 5.10.2010 Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.
הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.

הקריה למחקר גרעיני - נגב Nuclear Research Center – Negev (NRCN) Society of Electrical and Electronics Engineers in Israel (SEEEI) 2012 Eran Salfati, Amir.
NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.

NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.

Similar presentations

Ads by Google