Cyber-physical security of water systems – a new frontier for interdisciplinary water research

Water Companies and other critical infrastructure operators have been adopting ICT technologies (sensors, actuators, real time control systems etc.) as a way to improve the efficiency and reliability of their operations. This rapid deployment of cyber technologies on top of physical assets is turning the physical infrastructure into a different type of infrastructure, increasingly termed Cyber-physical (CP). In a CP system, ICT devices monitor and control the physical processes, usually in real-time, creating a continuous feedback between the cyber and physical layers of the system. This is currently happening in many different sectors (e.g., energy, transportation, and manufacturing) and, slowly but steadily is also becoming a reality for the water sector as well: from reservoirs to water treatment plants to water distribution networks – more and more water companies operate ‘smart’ water systems.

This transformation has several advantages that are more or less understood (reliability, autonomy, and efficiency) but also exposes these new hybrid infrastructures to a different type of risk: that of cyber-physical attacks (CPAs) whose potential impact, cascading effects and vulnerabilities are not well understood at neither the theoretical nor practical levels. The sector currently lacks the concepts, tools and metrics to assess the potential impact of this transformation to their risk profile and exposure and to formulate relevant (cost-effective, resilient) response strategies.

Focusing on interactions

What is important to note is that what is missing is not work on ‘cyber-security’. Certainly, this is an important knowledge area and one that is quickly evolving. But it is work at the interaction between the cyber and physical that is really missing and, in this work, water research institutes like KWR have an important role to play. Think of the work water research institutes did (and are still doing) on optimally placing water quality sensors to quickly spot and react to contamination attacks. Why is this work necessary, instead of relying (only) on physical security solutions (such as armed guards, smart locks and CCTVs)? It is because the industry understands that despite the best efforts to guard a water system against attacks, it is always possible that an attack may go through and as such it needs to prepare to minimise its impact – at the strategic (e.g. clever network design), tactical (e.g. better distributed sensors) or operational level (e.g. real time control of network valves to stop a contamination from reaching customers). The same idea can be applied to cyber-physical security. There is certainly scope for better protection (by cyber security experts) but also scope for work in understanding and minimising the cascading impact at the strategic, tactical and operational levels – and this is the task of water system experts working in collaboration with cyber security experts and water companies.

Delivering (a part of) what is needed: the STOP-IT project

Within the STOP-IT H2020 project, KWR is examining what a CPS conceptualisation means for key performance and design metrics for water distribution networks, and develops novel tools that are required to assess these metrics (under deep uncertainty related to both the state of the infrastructure and the probabilities of particular attacks occurring). An important and novel aspect of the research is the development of new computational models able to explicitly simulate the interaction between the physical and cyber layers of a water distribution network, acting as a stress testing platform to examine new system designs and configurations (Figure 1).

Figure 1: Tools supporting a cyber-physical risk assessment workflow.


With these tools, water companies can visualise the cyber network on top of the physical network and define its control logic; Link and simulate the combined cyber and physical system (explicitly modelling interactions) e.g. simulate the water network (a) under normal conditions, (b) under cyber-physical attacks (e.g. a sensor manipulated to think there is a substance in the water where there is none – or vice versa); assess the system’s response and compare impacts from different scenarios through different Key Performance Indicators (KPIs) (Figure 2).

Figure 2: Visualising the cyber and physical network and simulating their interactions.


A take home message

This research is at the leading edge of the ICT-Water domain and has implications on basic theoretical notions as well as very practical activities at the water company level, such as redefining risk assessment procedures or enabling work on optimisation strategies for deploying water quality sensors in a way that is more resilient to these new threats.

And it will only become more important as new developments from the Internet of Things to autonomous robots change the way we operate our infrastructures – for the better. If we are careful.