Skip to main content

Strategic, Tactical, Operational Protection of water Infrastructure against cyber-physical Threats

Article Category

Article available in the folowing languages:

Like a guardian angel to keep water flowing through critical infrastructure

As the water supply system becomes more digitalised, cyberthreats are increasing. It is time for an all-hazard risk management and mitigation system.

Security

Water is essential for life, health and economies. Water infrastructure is prone to physical threats, including natural hazards, terrorist attacks and accidents, and increasing cyberthreats that are leveraging expanded digitalisation and automation. The EU-funded STOP-IT project brought together 23 partners from across Europe and Israel to address this pressing need. Its resulting holistic, modular and scalable platform supports strategic and tactical planning, real-time operational decision-making and post-action assessment regarding cyber, physical and combined cyber-physical threats to water infrastructures.

A complicated and changing waterscape, a holistic solution

“Although promising conceptual and technological solutions for water systems security and resilience were available, work was required to bring them together in an overarching risk management framework, strengthen the water utilities’ systematic protection of their systems, determine gaps in security technologies, and improve risk management approaches and technologies,” explains Rita Ugarelli, chief scientist at SINTEF AS and STOP-IT coordinator. The STOP-IT platform includes technological solutions and analysis tools. Strategic and tactical tools enable simulations of customised attack scenarios to assess the service disruption risk and the effectiveness of risk reduction measures. Extensive near-real-time or real-time operational tools detect anomalies such as jamming attacks, physical intrusions, abnormal behaviours, and loss of data availability and integrity, and they assign risk severity indicators to assist in prioritising mitigation. Since new digital systems and devices for water systems require new types of expertise, the project developed tailor-made training material for specific end users within the water utilities’ risk management circle. Water utilities involved in the project are already using some of the STOP-IT solutions and training material.

With a gush of enthusiasm

All partners expressed in closing interviews that STOP-IT has had a significant impact on the water sector’s capacity to detect, assess and respond to physical and cyberthreats to critical water infrastructures and to reduce human exposure, thus contributing to the protection of human health and life. Interested parties can find fact sheets for each tool and technology along with training and dissemination materials on a dedicated project web page. The tools could not have come at a better time. “The increased frequency and sophistication of cyberattacks has in part been due to the COVID-19 pandemic and the open operational environment required for remote work. As a result, STOP-IT has generated more interest than expected, fostering successful collaborations with other projects and relevant networks,” states Ugarelli. Further, the tools and technologies will support the required implementation of the proposed critical entities resilience directive under which Member States will have to carry out risk assessments and take appropriate measures to boost resilience. STOP-IT has integrated the security and safety spheres with technological solutions and strengthened collaboration between security and safety experts within the water sector. Ugarelli concludes: “STOP-IT has developed the concepts, methods and tools that will enable water systems of the future to leverage the advantages of exciting new developments in information and communications technologies, while not compromising safety and security. This is as important as it is timely.” Water infrastructure has entered a new era of cyber and physical security.

Keywords

STOP-IT, water, water infrastructure, risk management, cyberthreats, water utilities, critical entities resilience directive

Discover other articles in the same domain of application