Protecting the water sector from cyber-security risks

Reading Time: 3 minutes
Water cybersecurity scaled e1599045355969


Trilateral Research |

Date: 3 September 2020

Water services are increasingly finding new pathways to reduce water insecurity, through technical and organisational innovations.

‘Smart city’ measures, such as interconnected sensor technologies, deployment of drones, and the collection of citizen-generated information on water anomalies can bolster our ability to prevent and respond to harms in the water network, for example, detect pollutants, leakages and bursts. As a result, awareness of the water conditions can be extended further across the network, tapping into new information sources and reducing the time and resources required for more traditional monitoring.

However, the same measures also pose a risk of puncturing entry points for malign cyber infiltration into critical infrastructure. As new forms of harm are introduced into water service networks, this will inevitably change how we understand the system itself.

The aqua3s project aims to standardise innovative sensor technologies and ensure water safety and security. The system will be used to detect anomalies in water supply networks.

Read more about our work in the aqua3s project.

Cybersecurity risks

It perhaps seems obvious that our innate dependency on water – e.g. for consumption, hygiene, agriculture, industry or energy production – provides an inviting terrain for cyber-hostilities.

The attacks on the Bowman Avenue Dam in New York state by the Iranian Revolutionary Guard, the 2016 attack on the ‘Kemuri’ water plant by hackers purportedly affiliated with Syria, as well as the reports of a Kremlin-sponsored attack on Ukranian water sanitation systems demonstrate how water services have acted as theatres of cyber-warfare.

Such attacks can and do result in kinetic effects on critical features of water services, such as the manipulation of flood gates, interference with chemical and water levels and the diversion of irrigated water. Moreover, where customer information is contained in water systems – the type necessary to get the water from plant to house – it can be remotely retrieved, posing a very real concern for the privacy rights of service users.

Cyber-attacks on the water sector pose a distinct set of threats that may appear in contrast to the usual anticipated harms of lack of water provision.

Innovating old infrastructures

As technological innovations are frequently built into existing legacy systems, it is necessary to ensure that retrofitting tools does not ignore the concern that legacy systems may include outdated systems vulnerable to infiltration. Where unpatched code remains, innovation measures must seek to actively address and overcome these challenges. As the supervisory control and data acquisition (SCADA) systems used to monitor and control a plant or equipment integrate old and new technologies (such as the Internet of Things (IoT) systems), they become more susceptible to infiltration.

Whilst recognising the advantages that IoT connected systems may bring, they may also include a number of vulnerabilities. These include configuration errors from default factory settings, vulnerability in cloud services, memory corruption and weakness in validating input data, and ultimately the vulnerability of system commands and information to interference.

The cumulative result of these vulnerabilities is that the combined integrated systems are at risk of advanced persistent threat. For example, the lack of data integrity where data is destroyed; man-in-the-middle attacks where the attackers gained illegitimate access or monitor the messages and activities within the system; replay attacks which delay messages sent to physical devices and denial of service attacks which prevents the system from performing tasks by overloading the computer resources.

Without erasing the opportunities that new technologies and approaches bring, we must bring the vulnerabilities resulting from cyber-threats into the conversation.

We must make visible how water security looks beyond the flow of water between sources to a view that interconnects international, local, human, environmental, economic, and political concerns. Ultimately, this awareness will boost our ability to conduct ethics and human rights-based assessments balancing the opportunities and challenges in innovation in the water sector.

For more information about this research area, contact our team.

Related posts

AI is rapidly transforming industries. Take for example the legal field, which is traditionally conservative in relation to technology. More…

Let's discuss your career