Game Theory for Secure Critical Interdependent Gas-Power-Water Infrastructure

A city's critical infrastructure such as gas, water, and power systems, are largely interdependent since they share energy, computing, and communication resources. This, in turn, makes it challenging to endow them with fool-proof security solutions. In this paper, a unified model for interdependent gas-power-water infrastructure is presented and the security of this model is studied using a novel game-theoretic framework. In particular, a zero-sum noncooperative game is formulated between a malicious attacker who seeks to simultaneously alter the states of the gas-power-water critical infrastructure to increase the power generation cost and a defender who allocates communication resources over its attack detection filters in local areas to monitor the infrastructure. At the mixed strategy Nash equilibrium of this game, numerical results show that the expected power generation cost deviation is 35\% lower than the one resulting from an equal allocation of resources over the local filters. The results also show that, at equilibrium, the interdependence of the power system on the natural gas and water systems can motivate the attacker to target the states of the water and natural gas systems to change the operational states of the power grid. Conversely, the defender allocates a portion of its resources to the water and natural gas states of the interdependent system to protect the grid from state deviations.Comment: 7 pages, in proceedings of Resilience Week 201

STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an un-tapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper.Postprint (published version

A Systematic Review of the State of Cyber-Security in Water Systems

Critical infrastructure systems are evolving from isolated bespoke systems to those that use general-purpose computing hosts, IoT sensors, edge computing, wireless networks and artificial intelligence. Although this move improves sensing and control capacity and gives better integration with business requirements, it also increases the scope for attack from malicious entities that intend to conduct industrial espionage and sabotage against these systems. In this paper, we review the state of the cyber-security research that is focused on improving the security of the water supply and wastewater collection and treatment systems that form part of the critical national infrastructure. We cover the publication statistics of the research in this area, the aspects of security being addressed, and future work required to achieve better cyber-security for water systems

A systemic review of the cybersecurity challenges in Australian water infrastructure management

Cybersecurity risks have become obstinate problems for critical water infrastructure management in Australia and worldwide. Water management in Australia involves a vast complex of smart technical control systems interconnected with several networks, making the infrastructure susceptible to cyber-attacks. Therefore, ensuring the use of security mechanisms in the control system modules and communication networks for sensors and actuators is vital. The statistics show that Australia is facing frequent cyber-attacks, most of which are either undetected or overlooked or require immediate response. To address these cyber risks, Australia has changed from a country with negligible recognition of attacks on critical infrastructure to a country with improved capability to manage cyber warfare. However, little attention is paid to reducing the risk of attacks to the critical water infrastructure. This study aims to evaluate Australia’s current cybersecurity attack landscape and the implemented controls for water infrastructure using a systematic literature review (SLR). This study also compares Australia in the context of global developments and proposes future research directions. The synthesis of the evidence from 271 studies in this review indicates the importance of managing security vulnerabilities and threats in SCADA water control systems, including the need to upgrade the contemporary water security architecture to mitigate emerging risks. Moreover, human resource development with a specific focus on security awareness and training for SCADA employees is found to be lacking, which will be essential for alleviating cyber threats to the water infrastructure in Australia

Wireless ICS Training Platform

Indiana University - Purdue University IndianapolisEssential public services, such as Electric, Water and Gas Utilities, are becoming increasingly reliant on network connected devices to control their processes. Wireless control systems are becoming more common in distributed systems, since they offer many advantages over hard wired alternatives. While cyber physical systems such as PLCs offer many advantages, they are also vulnerable to cyber-attacks. Military force readiness for defense of critical infrastructure against cyber-attacks requires state of the industry industrial control systems for cyber security training. A remote terminal unit using broad spectrum radio was integrated into an existing Water Treatment Plant SCADA system and provided to the US Army for training.Electrical Engineering Technolog

Trends in Process Control Systems Security

The protection of critical infrastructure systems is a hotly debated topic. The very label critical infrastructure implies that these systems are important, and they are: they support our everyday lives, from the water and food in our homes to our physical and financial welfare. This article explores the recent evolution of programmable logic controllers (PCSs) and their environments, explains the need for improved security in these systems, and describes some of the emerging research areas that offer promise in PCS security

Nature-based Solutions and Water Security

This helpdesk report highlights some of the best practice examples of Nature-based Solutions (NbS) for water security and examines the implementation challenges and lessons learned. NbS is an umbrella term for a range of approaches and activities including source water protection, watershed management, wetlands restoration, protection, and construction, water harvesting, agricultural best management practices, afforestation, sustainable drainage systems and protecting mangroves, amongst others. Water security is important for sustaining livelihoods, human well-being and socio-economic development. Water insecurity is increasing and nature-based solutions (NbS) can address some key water security challenges. Best practice examples of nature-based solutions include: water for agriculture; source water protection and water funds and urban green infrastructure. Combining green and grey infrastructure can improve storage and supply, lower costs, produce more resilient services, enhance system performance and better protect communities. There is some evidence that green infrastructure performs equal or better than grey infrastructure and is cost-effective in comparison. Scaling-up NbS faces the following implementation challenges: finance; scale and context; equity; stakeholder engagement and gaps in technical guidance. There is a high degree of variation in how ecosystems impact on hydrology. Consequently, site-specific knowledge will be important in implementing Nb