Improving operational security for web-based distributed control systems in wastewater management

Traditional industrial systems have been designed to ne intrinsically safe by isolating their monitoring and control network. Considering the possible impact of a security attack, many plants today still choose to use this method to ensure maximum protection. At the same time, a separate trend observed in highly distributed applications like water management systems, is to centralize more local SCADA sites, into a Regional Control Center (RCC). This allows more efficient operation of existing resources and even integration with high level applications like water network modelling and simulation tools. Typical network include Ethernet and GSM communication. In order to benefit most from the implementation of plant-wide applications with reduced operating costs, increased flexibility and availability we need to address correctly the security aspects. This paper presents a methodology for improving operational security in a wastewater treatment plant and exemplifies its implementation in a specific application.

[1]  Kevin Jones,et al.  A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[2]  Guo Zhizhong,et al.  Vulnerability Assessment of Cyber Security in Power Industry , 2006, 2006 IEEE PES Power Systems Conference and Exposition.

[3]  G. Manimaran,et al.  Cybersecurity for Critical Infrastructures: Attack and Defense Modeling , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[4]  David Hutchison,et al.  Towards Real-Time Assessment of Industrial Control Systems (ICSs): A Framework for Future Research , 2013, ICS-CSR.

[5]  Karen Scarfone,et al.  Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[6]  S. Shankar Sastry,et al.  A Taxonomy of Cyber Attacks on SCADA Systems , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[7]  G. Manimaran,et al.  Vulnerability Assessment of Cybersecurity for SCADA Systems , 2008, IEEE Transactions on Power Systems.

[8]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.