Abstract
Water management is a critical infrastructure activity in The Netherlands. Many organizations, ranging from local municipalities to national departments are involved in water management by controlling the water level to protect the land from flooding and to allow inland shipping. Another important water management task is the purification of waste water and sewage. To fulfill these tasks, such organizations depend on information and communication technologies, ranging from standard office IT facilities to Industrial Control Systems (ICS), for example to control excess water pumps and locks, as well as to monitor and control water purification plants. The worldwide increase of both volume and sophistication of cyber attacks made the Dutch government decide to sponsor a project to determine a cyber security posture of the water management organizations by benchmarking the cyber security state of their water management installations and processes. In this paper we present our benchmark approach to the security of ICS. Moreover, we discuss the major results of the benchmark as well as a cyber security simulator that was developed to raise awareness and develop further knowledge on the ICS-specific issues.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We will use the term ICS hereafter as a generic term for ICS and SCADA.
References
Almalawi, A., Tari, Z., Khalil, I., Fahad, A.: SCADAVT-A framework for SCADA security testbed based on virtualization technology. In: 2013 IEEE 38th Conference on Local Computer Networks (LCN), pp. 639–646. IEEE (2013)
Amin, S., Schwartz, G.A., Hussain, A.: In quest of benchmarking security risks to cyber-physical systems. IEEE Netw. 27(1), 19–24 (2013)
CIP: Traffic Light Protocol (TLP), April 2016. https://publicwiki-01.fraunhofer.de/CIPedia/index.php/Traffic_Light_Protocol_%28TLP%29 (2015)
ISO: ISO/IEC 27005:2011: Information technology - security techniques - information security risk management. Technical report, ISO (2011)
Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In: IECON 2011–37th Annual Conference on IEEE Industrial Electronics Society, pp. 4490–4494. IEEE (2011)
Kivity, A., Kamay, Y., Laor, D., Lublin, U., Liguori, A.: KVM: The linux virtual machine monitor. In: Proceedings of the Linux symposium, vol. 1, pp. 225–230 (2007)
Luiijf, E., Ali, M., Zielstra, A.: Assessing and improving SCADA security in the dutch drinking water sector. Int. J. Crit. Infrastruct. Prot. 4(3), 124–134 (2011)
Luiijf, H.: SCADA Security Good Practices for the Drinking Water Sector. TNO, Den Haag (2008)
Luiijf, H., te Paske, B.J.: Cyber security of industrial control systems. Technical report, TNO (2015)
Macaulay, T., Singer, B.L.: Cybersecurity for industrial control systems: SCADA, DCS, PLC, HMI, and SIS. CRC Press, Boca Raton (2011)
Mattioli, R., Moulinos, K.: Analysis of ICS-SCADA cyber security maturity levels in critical sectors. Technical report, ENISA (2015)
Mirkovic, J., Benzel, T.: Teaching cybersecurity with deterlab. IEEE Secur. Priv. 10(1), 73–76 (2012)
O’Gorman, J., Kearns, D., Aharoni, M.: Metasploit: The Penetration Tester’s Guide. No Starch Press, San Francisco (2011)
Pfaff, B., Pettit, J., Amidon, K., Casado, M., Koponen, T., Shenker, S.: Extending networking into the virtualization layer. In: Hotnets (2009)
Roesch, M., et al.: Snort: Lightweight intrusion detection for networks. In: Proceedindgs of the 13th USENIX Large Installation Systems Administration Conference, LISA 1999, vol. 99, pp. 229–238. USENIX Association (1999)
Siemens: System overview simatic s7–1200, April 2016. http://w3.siemens.com/mcms/programmable-logic-controller/en/basic-controller/s7-1200/system-overview/Pages/default.aspx
Acknowledgment
The Dutch government funds research by universities which aim to generate knowledge which needs to flow to both the education of next generation students and to organizations. This funding scheme is called ‘Regionale Aandacht en Actie voor Kenniscirculatie’, abbreviated RAAK which translates into English as on tar-get.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Burghouwt, P., Maris, M., van Peski, S., Luiijf, E., van de Voorde, I., Spruit, M. (2017). Cyber Targets Water Management. In: Havarneanu, G., Setola, R., Nassopoulos, H., Wolthusen, S. (eds) Critical Information Infrastructures Security. CRITIS 2016. Lecture Notes in Computer Science(), vol 10242. Springer, Cham. https://doi.org/10.1007/978-3-319-71368-7_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-71368-7_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71367-0
Online ISBN: 978-3-319-71368-7
eBook Packages: Computer ScienceComputer Science (R0)