TY - JOUR
T1 - A Review of Cybersecurity Incidents in the Water Sector
AU - Hassanzadeh, Amin
AU - Rasekh, Amin
AU - Galelli, Stefano
AU - Aghashahi, Mohsen
AU - Taormina, Riccardo
AU - Ostfeld, Avi
AU - Banks, M. Katherine
N1 - Publisher Copyright:
© 2020 American Society of Civil Engineers.
PY - 2020/5/1
Y1 - 2020/5/1
N2 - This study presents a critical review of disclosed, documented, and malicious cybersecurity incidents in the water sector to inform safeguarding efforts against cybersecurity threats. The review is presented within a technical context of industrial control system architectures, attack-defense models, and security solutions. Fifteen incidents were selected and analyzed through a search strategy that included a variety of public information sources ranging from federal investigation reports to scientific papers. For each individual incident, the situation, response, remediation, and lessons learned were compiled and described. The findings of this review indicate an increase in the frequency, diversity, and complexity of cyberthreats to the water sector. Although the emergence of new threats, such as ransomware or cryptojacking, was found, a recurrence of similar vulnerabilities and threats, such as insider threats, was also evident, emphasizing the need for an adaptive, cooperative, and comprehensive approach to water cyberdefense.
AB - This study presents a critical review of disclosed, documented, and malicious cybersecurity incidents in the water sector to inform safeguarding efforts against cybersecurity threats. The review is presented within a technical context of industrial control system architectures, attack-defense models, and security solutions. Fifteen incidents were selected and analyzed through a search strategy that included a variety of public information sources ranging from federal investigation reports to scientific papers. For each individual incident, the situation, response, remediation, and lessons learned were compiled and described. The findings of this review indicate an increase in the frequency, diversity, and complexity of cyberthreats to the water sector. Although the emergence of new threats, such as ransomware or cryptojacking, was found, a recurrence of similar vulnerabilities and threats, such as insider threats, was also evident, emphasizing the need for an adaptive, cooperative, and comprehensive approach to water cyberdefense.
UR - http://www.scopus.com/inward/record.url?scp=85081728503&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85081728503&partnerID=8YFLogxK
U2 - 10.1061/(ASCE)EE.1943-7870.0001686
DO - 10.1061/(ASCE)EE.1943-7870.0001686
M3 - Review article
AN - SCOPUS:85081728503
SN - 0733-9372
VL - 146
JO - Journal of Environmental Engineering (United States)
JF - Journal of Environmental Engineering (United States)
IS - 5
M1 - 03120003
ER -