Cyber Targets Water Management
Water management is a critical infrastructure activity in The Netherlands. Many organizations, ranging from local municipalities to national departments are involved in water management by controlling the water level to protect the land from flooding and to allow inland shipping. Another important water management task is the purification of waste water and sewage. To fulfill these tasks, such organizations depend on information and communication technologies, ranging from standard office IT facilities to Industrial Control Systems (ICS), for example to control excess water pumps and locks, as well as to monitor and control water purification plants. The worldwide increase of both volume and sophistication of cyber attacks made the Dutch government decide to sponsor a project to determine a cyber security posture of the water management organizations by benchmarking the cyber security state of their water management installations and processes. In this paper we present our benchmark approach to the security of ICS. Moreover, we discuss the major results of the benchmark as well as a cyber security simulator that was developed to raise awareness and develop further knowledge on the ICS-specific issues.
KeywordsCritical infrastructure protection Water management Cyber security Industrial Control System SCADA Cyber resilience Benchmark Simulator
The Dutch government funds research by universities which aim to generate knowledge which needs to flow to both the education of next generation students and to organizations. This funding scheme is called ‘Regionale Aandacht en Actie voor Kenniscirculatie’, abbreviated RAAK which translates into English as on tar-get.
- 1.Almalawi, A., Tari, Z., Khalil, I., Fahad, A.: SCADAVT-A framework for SCADA security testbed based on virtualization technology. In: 2013 IEEE 38th Conference on Local Computer Networks (LCN), pp. 639–646. IEEE (2013)Google Scholar
- 3.CIP: Traffic Light Protocol (TLP), April 2016. https://publicwiki-01.fraunhofer.de/CIPedia/index.php/Traffic_Light_Protocol_%28TLP%29 (2015)
- 4.ISO: ISO/IEC 27005:2011: Information technology - security techniques - information security risk management. Technical report, ISO (2011)Google Scholar
- 5.Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In: IECON 2011–37th Annual Conference on IEEE Industrial Electronics Society, pp. 4490–4494. IEEE (2011)Google Scholar
- 6.Kivity, A., Kamay, Y., Laor, D., Lublin, U., Liguori, A.: KVM: The linux virtual machine monitor. In: Proceedings of the Linux symposium, vol. 1, pp. 225–230 (2007)Google Scholar
- 8.Luiijf, H.: SCADA Security Good Practices for the Drinking Water Sector. TNO, Den Haag (2008)Google Scholar
- 9.Luiijf, H., te Paske, B.J.: Cyber security of industrial control systems. Technical report, TNO (2015)Google Scholar
- 11.Mattioli, R., Moulinos, K.: Analysis of ICS-SCADA cyber security maturity levels in critical sectors. Technical report, ENISA (2015)Google Scholar
- 13.O’Gorman, J., Kearns, D., Aharoni, M.: Metasploit: The Penetration Tester’s Guide. No Starch Press, San Francisco (2011)Google Scholar
- 14.Pfaff, B., Pettit, J., Amidon, K., Casado, M., Koponen, T., Shenker, S.: Extending networking into the virtualization layer. In: Hotnets (2009)Google Scholar
- 15.Roesch, M., et al.: Snort: Lightweight intrusion detection for networks. In: Proceedindgs of the 13th USENIX Large Installation Systems Administration Conference, LISA 1999, vol. 99, pp. 229–238. USENIX Association (1999)Google Scholar
- 16.Siemens: System overview simatic s7–1200, April 2016. http://w3.siemens.com/mcms/programmable-logic-controller/en/basic-controller/s7-1200/system-overview/Pages/default.aspx