Characterizing Cyber-Physical Attacks on Water Distribution Systems
Publication: Journal of Water Resources Planning and Management
Volume 143, Issue 5
Abstract
This work contributes a modeling framework to characterize the effect of cyber-physical attacks (CPAs) on the hydraulic behavior of water distribution systems. The framework consists of an attack model and a MATLAB toolbox named epanetCPA. The former identifies the components of the cyber infrastructure (e.g., sensors or programmable logic controllers) that are potentially vulnerable to attacks, whereas the latter allows determining the exact specifications of an attack (e.g., timing or duration) and simulating it with EPANET. The framework is applied to C-Town network for a broad range of illustrative attack scenarios. Results show that the hydraulic response of the network to a cyber-physical attack depends not only on the attack specifications, but also on the system initial conditions and demand at the junctions. It is also found that the same hydraulic response can be obtained by implementing completely different attacks. This has some important implications on the design of attack detection mechanisms, which should identify anomalous behaviors in a water network as well as the cyber components being hacked. Finally, the manuscript presents some ideas regarding the next steps needed to thoroughly assess the risk of cyber attacks on water distribution systems.
Get full access to this article
View all available purchase options and get full access to this article.
Acknowledgments
This work was supported by the National Research Foundation (NRF), Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-40).
References
Ackerman, G. (2015). “New York and Jerusalem partnership plans to defend water supply.” ⟨http://www.bloomberg.com/news/articles/2015-10-20/new-york-and-jerusalem-partnership-plans-to-defend-water-supply⟩ (Jun. 20, 2016).
Amin, S., Litrico, X., Sastry, S., and Bayen, A. M. (2013a). “Cyber security of water SCADA systems—Part I: Analysis and experimentation of stealthy deception attacks.” IEEE Trans. Control Syst. Technol., 21(5), 1963–1970.
Amin, S., Litrico, X., Sastry, S., and Bayen, A. M. (2013b). “Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models.” IEEE Trans. Control Syst. Technol., 21(5), 1679–1693.
Atzori, L., Iera, A., and Morabito, G. (2010). “The internet of things: A survey.” Comput. networks, 54(15), 2787–2805.
Bobat, A., Gezgin, T., and Aslan, H. (2015). “The SCADA system applications in management of Yuvacik Dam and Reservoir.” Desalin. Water Treat., 54(8), 2108–2119.
Bristow, E., Brumbelow, K., and Kanta, L. (2007). “Vulnerability assessment and mitigation methods for interdependent water distribution and urban fire response systems.” World Environmental and Water Resources Congress, ASCE, Reston, VA, 1–10.
Cardenas, A. A., Amin, S., and Sastry, S. (2008). “Secure control: Towards survivable cyber-physical systems.” 28th Int. Conf. on Distributed Computing Systems Workshops, IEEE, New York, 495–500.
Cominola, A., Giuliani, M., Piga, D., Castelletti, A., and Rizzoli, A. E. (2015). “Benefits and challenges of using smart meters for advancing residential water demand modeling and management: A review.” Environ. Modell. Software, 72, 198–214.
Creaco, E., Alvisi, S., and Franchini, M. (2015). “Multistep approach for optimizing design and operation of the C-Town pipe network model.” J. Water Resour. Plann. Manage., .
Creaco, E., Franchini, M., and Todini, E. (2016). “Generalized resilience and failure indices for use with pressure-driven modeling and leakage.” J. Water Resour. Plann. Manage., .
Dakin, R., Newman, R., and Groves, D. (2009). “The case for cyber security in the water sector.” J. Am. Water Works Assoc., 101(12), 30.
Davis, M. J., and Janke, R. (2008). “Importance of exposure model in estimating impacts when a water distribution system is contaminated.” J. Water Resour. Plann. Manage., 449–456.
EPA (Environmental Protection Agency). (2011). “EPA has taken steps to address cyber threats but key actions remain incomplete.”, Office of Inspector General, Washington, DC.
EPANET [Computer software]. U.S. Environmental Protection Agency, Cincinnati.
Gong, W., et al. (2016). “Mobile sensor networks for optimal leak and backflow detection and localization in municipal water networks.” Environ. Modell. Software, 80, 306–321.
Hart, W. E., and Murray, R. (2010). “Review of sensor placement strategies for contamination warning systems in drinking water distribution systems.” J. Water Resour. Plann. Manage., 611–619.
Horta, R. (2007). “The city of Boca Raton: A case study in water utility cybersecurity.” J. Am. Water Works Assn., 99(3), 48.
ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). (2014). “The industrial control systems-cyber emergency response team.”, Dept. of Homeland Security, Washington, DC.
Krotofil, M., Cárdenas, A. A., Manning, B., and Larsen, J. (2014). “CPS: Driving cyber-physical systems to unsafe operating conditions by timing DoS attacks on sensor signals.” Proc., Computer Security Applications Conf. (ACSAC), ACM, New York, 146–155.
Lee, E. A. (2008). “Cyber physical systems: Design challenges.” 2008 11th IEEE Int. Symp. on Object Oriented Real-Time Distributed Computing (ISORC), IEEE, New York, 363–369.
Lewis, J. A. (2002). Assessing the risks of cyber terrorism, cyber war and other cyber threats, Center for Strategic and International Studies, Washington, DC.
MATLAB [Computer software]. MathWorks, Natick, MA.
Ostfeld, A., et al. (2008). “The battle of the water sensor networks (BWSN): A design challenge for engineers and algorithms.” J. Water Resour. Plann. Manage., 556–568.
Ostfeld, A., et al. (2012). “Battle of the water calibration networks.” J. Water Resour. Plann. Manage., 523–532.
Ostfeld, A., and Salomons, E. (2004). “Optimal layout of early warning detection stations for water distribution systems security.” J. Water Resour. Plann. Manage., 377–385.
Perelman, L., and Amin, S. (2014). “A network interdiction model for analyzing the vulnerability of water distribution systems.” Proc., 3rd Int. Conf. on High Confidence Networked Systems, ACM, New York, 135–144.
Raad, D., Sinske, A., and Van Vuuren, J. (2010). “Comparison of four reliability surrogate measures for water distribution systems design.” Water Resour. Res., 46(5), 1–11.
Rasekh, A., and Brumbelow, K. (2013). “Probabilistic analysis and optimization to characterize critical water distribution system contamination scenarios.” J. Water Resour. Plann. Manage., 191–199.
Rasekh, A., and Brumbelow, K. (2014). “Drinking water distribution systems contamination management to reduce public health impacts and system service interruptions.” Environ. Modell. Software, 51, 12–25.
Rasekh, A., Hassanzadeh, A., Mulchandani, S., Modi, S., and Banks, M. K. (2016). “Smart water networks and cyber security.” J. Water Resour. Plann. Manage., .
Saldarriaga, J., et al. (2015). “Rehabilitation and leakage reduction on C-Town using hydraulic criteria.” J. Water Resour. Plann. Manage., .
Sayyed, M. A. H. A., Gupta, R., and Tanyimboh, T. T. (2015). “Noniterative application of epanet for pressure dependent modelling of water distribution systems.” Water Resour. Manage., 29(9), 3227–3242.
Schwab, K. (2016). “The fourth industrial revolution.” World Economic Forum, Geneva.
Shang, F., Uber, J. G., and Rossman, L. (2008). “EPANET multi-species extension user’s manual.” Risk reduction engineering laboratory, U.S. Environmental Protection Agency, Cincinnati.
Shortridge, J. E., and Guikema, S. D. (2014). “Public health and pipe breaks in water distribution systems: Analysis with internet search volume as a proxy.” Water Res., 53, 26–34.
Slay, J., and Miller, M. (2008). Lessons learned from the Maroochy water breach. Springer, Boston.
Sousa, J., Muranho, J., Sá Marques, A., and Gomes, R. (2015). “Optimal management of water distribution networks with simulated annealing: The C-Town problem.” J. Water Resour. Plann. Manage., .
Spellman, F. R. (2013). Handbook of water and wastewater treatment plant operations, CRC Press, Boca Raton, FL.
Taormina, R., Galelli, S., Tippenhauer, N., Ostfeld, A., and Salomons, E. (2016). “Assessing the effect of cyber-physical attacks on water distribution systems.” World Environmental and Water Resources Congress, ASCE, Reston, VA, 436–442.
Todini, E. (2000). “Looped water distribution networks design using a resilience index based heuristic approach.” Urban water, 2(2), 115–122.
Urbina, D., Giraldo, J., Tippenhauer, N. O., and Cárdenas, A. (2016). “Attacking fieldbus communications in ICS: Applications to the SWaT testbed.” Proc., Singapore Cyber Security Conf. (SG-CRC), IOS Press BV, Amsterdam, Netherlands.
Information & Authors
Information
Published In
Journal of Water Resources Planning and Management
Volume 143 • Issue 5 • May 2017
Copyright
©2017 American Society of Civil Engineers.
History
Received: Jul 14, 2016
Accepted: Oct 19, 2016
Published online: Feb 7, 2017
Published in print: May 1, 2017
Discussion open until: Jul 7, 2017
Authors
Metrics & Citations
Metrics
Citations
Download citation
If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download.