A Review of Cybersecurity Incidents in the Water Sector

AbstractThis study presents a critical review of disclosed, documented, and malicious cybersecurity incidents in the water sector to inform safeguarding efforts against cybersecurity threats. The review is presented within a technical context of industrial control system architectures, attack-defens...

Full description

Saved in:
Bibliographic Details
Published in:Journal of environmental engineering (New York, N.Y.) N.Y.), 2020-05, Vol.146 (5)
Main Authors: Hassanzadeh, Amin, Rasekh, Amin, Galelli, Stefano, Aghashahi, Mohsen, Taormina, Riccardo, Ostfeld, Avi, Banks, M. Katherine
Format: Article
Language:English
Subjects:
Control systems
Cybersecurity
Industrial electronics
Information sources
Malware
Public information
Reviews
Scientific papers
Security
State-of-the-Art Review
State-of-the-Art Reviews
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:AbstractThis study presents a critical review of disclosed, documented, and malicious cybersecurity incidents in the water sector to inform safeguarding efforts against cybersecurity threats. The review is presented within a technical context of industrial control system architectures, attack-defense models, and security solutions. Fifteen incidents were selected and analyzed through a search strategy that included a variety of public information sources ranging from federal investigation reports to scientific papers. For each individual incident, the situation, response, remediation, and lessons learned were compiled and described. The findings of this review indicate an increase in the frequency, diversity, and complexity of cyberthreats to the water sector. Although the emergence of new threats, such as ransomware or cryptojacking, was found, a recurrence of similar vulnerabilities and threats, such as insider threats, was also evident, emphasizing the need for an adaptive, cooperative, and comprehensive approach to water cyberdefense.
ISSN:0733-9372
1943-7870
DOI:10.1061/(ASCE)EE.1943-7870.0001686