High-Fidelity Cyber and Physical Simulation of Water Distribution Systems. II: Enabling Cyber-Physical Attack Localization
Publication: Journal of Water Resources Planning and Management
Volume 149, Issue 5
Abstract
A fundamental problem in the realm of cyber-physical security of smart water networks is attack detection, a key step towards designing adequate countermeasures. This task is typically carried out by algorithms that analyze time series of process data. However, the nature of the data available to develop these algorithms limits their capabilities: by relying on process data only, one cannot distinguish a cyber-attack from the failure of a system’s component or identify the root cause of an attack. Here, we show that these limitations can be addressed through the joint analysis of process and network data—with the latter representing the information exchanged between the components constituting the Industrial Control System, such as sensors and Programmable Logic Controllers (PLCs). For this purpose, we utilize a dataset generated by digital hydraulic simulator (DHALSIM)—a numerical modelling platform built on a two-way interaction between EPANET version 2.2 and a network emulation tool—which is extended here to include a framework for launching cyber-physical attacks. This paper presents a dataset with realistic network information of a smart water network under cyber-physical attacks and presents an analysis of how that information can enable the development of better intrusion detection systems that can localize and identify attacks. Through this analysis, the dataset provided here, and the open-source availability of DHALSIM, our work paves the way to a novel class of analytics for actionable detection.
Get full access to this article
View all available purchase options and get full access to this article.
Data Availability Statement
DHALSIM is available at https://github.com/afmurillo/DHALSIM. Some or all data, models, or code generated or used during the study are available in a repository or online in accordance with founder data retention policies. The dataset is available at https://zenodo.org/record/6323248.
Acknowledgments
This research is supported by Singapore’s National Satellite Of Excellence, Design Science and Technology for Secure Critical Infrastructure (NSoE DeST-SCI) through the project “LEarning from Network and Process data to secure Water Distribution Systems (LENP-WDS)” (Award No. NSoE_DeST-SCI2019-0003) and by the Faculty of Civil Engineering and Geosciences of Delft University of Technology.
References
Abe, S., M. Fujimoto, S. Horata, Y. Uchida, and T. Mitsunaga. 2016. “Security threats of internet-reachable ICS.” In Proc., 2016 55th Annual Conf. of the Society of Instrument and Control Engineers of Japan (SICE), 750–755. New York: IEEE.
Abokifa, A. A., K. Haddad, C. Lo, and P. Biswas. 2019. “Real-time identification of cyber-physical attacks on water distribution systems via machine learning-based anomaly detection techniques.” J. Water Resour. Plann. Manage. 145 (1): 04018089. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001023.
Addeen, H. H., Y. Xiao, J. Li, and M. Guizani. 2021. “A survey of cyber-physical attacks and detection methods in smart water distribution systems.” IEEE Access 9: 99905–99921. https://doi.org/10.1109/ACCESS.2021.3095713.
Ahmed, C. M., M. R. Gauthama Raman, and A. P. Mathur. 2020. “Challenges in machine learning based approaches for real-time anomaly detection in industrial control systems.” In Proc., 6th ACM on Cyber-Physical System Security Workshop, CPSS ’20, 23–29. New York: Association for Computing Machinery.
Berglund, E. Z., J. E. Pesantez, A. Rasekh, M. E. Shafiee, L. Sela, and T. Haxton. 2020. “Review of modeling methodologies for managing water distribution security.” J. Water Resour. Plann. Manage. 146 (8): 03120001. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001265.
Chandy, S. E., A. Rasekh, Z. A. Barker, and M. E. Shafiee. 2019. “Cyberattack detection using deep generative models with variational inference.” J. Water Resour. Plann. Manage. 145 (2): 04018093. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001007.
Douglas, H. C., R. Taormina, and S. Galelli. 2019. “Pressure-driven modeling of cyber-physical attacks on water distribution systems.” J. Water Resour. Plann. Manage. 145 (3): 06019001. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001038.
Dzung, D., M. Naedele, T. Von Hoff, and M. Crevatin. 2005. “Security for industrial communication systems.” Proc. IEEE 93 (6): 1152–1177. https://doi.org/10.1109/JPROC.2005.849714.
Erba, A., R. Taormina, S. Galelli, M. Pogliani, M. Carminati, S. Zanero, and N. O. Tippenhauer. 2020. “Constrained concealment attacks against reconstruction-based anomaly detectors in industrial control systems.” In Proc., Annual Computer Security Applications Conf., ACSAC ’20, 480–495. New York: Association for Computing Machinery.
Galloway, B., and G. P. Hancke. 2013. “Introduction to industrial control networks.” IEEE Commun. Surv. Tutorials 15 (2): 860–880. https://doi.org/10.1109/SURV.2012.071812.00124.
Hassanzadeh, A., A. Rasekh, S. Galelli, M. Aghashahi, R. Taormina, A. Ostfeld, and M. K. Banks. 2020. “A review of cybersecurity incidents in the water sector.” J. Environ. Eng. 146 (5): 03120003. https://doi.org/10.1061/(ASCE)EE.1943-7870.0001686.
Humayed, A., J. Lin, F. Li, and B. Luo. 2017. “Cyber-physical systems security: A survey.” IEEE Internet Things J. 4 (6): 1802–1831. https://doi.org/10.1109/JIOT.2017.2703172.
Kadosh, N., A. Frid, and M. Housh. 2020. “Detecting cyber-physical attacks in water distribution systems: One-class classifier approach.” J. Water Resour. Plann. Manage. 146 (8): 04020060. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001259.
Kayan, H., M. Nunes, O. Rana, P. Burnap, and C. Perera. 2022. “Cybersecurity of industrial cyber-physical systems: A review.” ACM Comput. Surv. 54 (11s): 1–35. https://doi.org/10.1145/3510410.
Kobayashi, T. H., A. B. Batista, A. M. Brito, and P. S. Motta Pires. 2007. “Using a packet manipulation tool for security analysis of industrial network protocols.” In Proc., 2007 IEEE Conf. on Emerging Technologies and Factory Automation (EFTA 2007), 744–747. New York: IEEE.
Krotofil, M., A. Cárdenas, J. Larsen, and D. Gollmann. 2014. “Vulnerabilities of cyber-physical systems to stale data-determining the optimal time to launch attacks.” Int. J. Crit. Infrastruct. Prot. 7 (4): 213–232. https://doi.org/10.1016/j.ijcip.2014.10.003.
Labs, V. 2022. “Analysis of clop’s attack on south Staffordshire water: UK.” Accessed August 20, 2022. https://securityboulevard.com/2022/08/analysis-of-clops-attack-on-south-staffordshire-water-uk/.
Lantz, B., B. Heller, and N. McKeown. 2010. “A network in a laptop: Rapid prototyping for software-defined networks.” In Proc., 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Hotnets-IX. New York: Association for Computing Machinery.
Makropoulos, C., and D. Savić. 2019. “Urban hydroinformatics: Past, present and future.” Water 11 (10): 1959. https://doi.org/10.3390/w11101959.
Murillo, A., R. Taormina, N. O. Tippenhauer, D. Salaorni, R. van Dijk, L. Jonker, S. Vos, M. Weyns, and S. Galelli. 2022. “High-fidelity cyber and physical simulation of water distribution systems. I: Models and Data.” J. Water Resour. Plann. Manage. 149 (5): 04023009. https://doi.org/10.1061/JWRMD5.WRENG-5853.
Nikolopoulos, D., and C. Makropoulos. 2021. “Stress-testing water distribution networks for cyber-physical attacks on water quality.” Urban Water J. 19 (3): 256–270. https://doi.org/10.1080/1573062X.2021.1995446.
Nikolopoulos, D., G. Moraitis, D. Bouziotas, A. Lykou, G. Karavokiros, and C. Makropoulos. 2020. “Cyber-physical stress-testing platform for water distribution networks.” J. Environ. Eng. 146 (7): 04020061. https://doi.org/10.1061/(ASCE)EE.1943-7870.0001722.
Ramotsoela, D. T., G. P. Hancke, and A. M. Abu-Mahfouz. 2019. “Attack detection in water distribution systems using machine learning.” Hum.-centric Comput. Inf. Sci. 9 (1): 1–22. https://doi.org/10.1186/s13673-019-0175-8.
Rasekh, A., A. Hassanzadeh, S. Mulchandani, S. Modi, and M. K. Banks. 2016. “Smart water networks and cyber security.” J. Water Resour. Plann. Manage. 142 (7): 01816004. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000646.
Rossman, L. A. 2000. EPANET 2: Users manual. Cincinnati: Water Supply and Water Resources Division, National Risk Management Research Laboratory.
Sánchez, H. S., D. Rotondo, T. Escobet, V. Puig, and J. Quevedo. 2019. “Bibliographical review on cyber attacks from a control oriented perspective.” Annu. Rev. Control 48: 103–128. https://doi.org/10.1016/j.arcontrol.2019.08.002.
Sandaruwan, G. P. H., P. S. Ranaweera, and V. A. Oleshchuk. 2013. “PLC security and critical infrastructure protection.” In Proc., 2013 IEEE 8th Int. Conf. on Industrial and Information Systems, 81–85. New York: IEEE.
Shapira, N., O. Ayalon, A. Ostfeld, Y. Farber, and M. Housh. 2021. “Cybersecurity in water sector: Stakeholders perspective.” J. Water Resour. Plann. Manage. 147 (8): 05021008. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001400.
Shin, S., S. Lee, S. J. Burian, D. R. Judi, and T. McPherson. 2020. “Evaluating resilience of water distribution networks to operational failures from cyber-physical attacks.” J. Environ. Eng. 146 (3): 04020003. https://doi.org/10.1061/(ASCE)EE.1943-7870.0001665.
Tanenbaum, A. S., and D. J. Wetherall. 2010. Computer networks. 5th ed. Hoboken, NJ: Prentice Hall.
Taormina, R., et al. 2018. “Battle of the attack detection algorithms: Disclosing cyber attacks on water distribution networks.” J. Water Resour. Plann. Manage. 144 (8): 04018048. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000969.
Taormina, R., and S. Galelli. 2018. “Deep-learning approach to the detection and localization of cyber-physical attacks on water distribution systems.” J. Water Resour. Plann. Manage. 144 (10): 04018065. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000983.
Taormina, R., S. Galelli, H. Douglas, N. O. Tippenhauer, E. Salomons, and A. Ostfeld. 2019. “A toolbox for assessing the impacts of cyber-physical attacks on water distribution systems.” Environ. Modell. Software 112 (Feb): 46–51. https://doi.org/10.1016/j.envsoft.2018.11.008.
Taormina, R., S. Galelli, N. O. Tippenhauer, A. Ostfeld, and E. Salomons. 2016. “Assessing the effect of cyber-physical attacks on water distribution systems.” In Proc., World Environmental and Water Resources Congress 2016, 436–442. Reston, VA: ASCE. https://doi.org/10.1061/9780784479865.046.
Taormina, R., S. Galelli, N. O. Tippenhauer, E. Salomons, and A. Ostfeld. 2017. “Characterizing cyber-physical attacks on water distribution systems.” J. Water Resour. Plann. Manage. 143 (5): 04017009. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000749.
Tsiami, L., and C. Makropoulos. 2021. “Cyber-physical attack detection in water distribution systems with temporal graph convolutional neural networks.” Water 13 (9): 1247. https://doi.org/10.3390/w13091247.
Tuptuk, N., P. Hazell, J. Watson, and S. Hailes. 2021. “A systematic review of the state of cyber-security in water systems.” Water 13 (1): 81. https://doi.org/10.3390/w13010081.
Urbina, D. I., J. A. Giraldo, N. O. Tippenhauer, and A. A. Cárdenas. 2016. “Attacking fieldbus communications in ICS: Applications to the SWaT Testbed.” In Proc., Singapore Cyber-Security Conf. (SG-CRC) 2016, 75–89. London: IOS Press. https://doi.org/10.3233/978-1-61499-617-0-75.
Information & Authors
Information
Published In
Copyright
© 2023 American Society of Civil Engineers.
History
Received: May 16, 2022
Accepted: Dec 3, 2022
Published online: Feb 22, 2023
Published in print: May 1, 2023
Discussion open until: Jul 22, 2023
Authors
Metrics & Citations
Metrics
Citations
Download citation
If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download.
Cited by
- Andrés Murillo, Riccardo Taormina, Nils Ole Tippenhauer, Davide Salaorni, Robert van Dijk, Luc Jonker, Simcha Vos, Maarten Weyns, Stefano Galelli, High-Fidelity Cyber and Physical Simulation of Water Distribution Systems. I: Models and Data, Journal of Water Resources Planning and Management, 10.1061/JWRMD5.WRENG-5853, 149, 5, (2023).