International Journal of Engineering Management
Volume 4, Issue 1, June 2020, Pages: 11-16
Received: Jun. 28, 2020;
Accepted: Jul. 15, 2020;
Published: Jul. 23, 2020
Views 325 Downloads 96
Richard Skiba, LRES Training Management, Melbourne, Australia
Cyber-attacks are a growing and persistent threat to water infrastructure, including drinking water and wastewater systems. Water infrastructure uses a number of technical control systems to manage and track infrastructure properties, including hardware and software, such as monitoring and data acquisition systems, process control systems, and other devices, such as programmable logic controllers, that control data gathering equipment and information technology. As these systems become more connected to corporate systems and the internet, security approaches are needed equally across both the control system and the corporate network infrastructure, as there are many potential entry points for cyber attackers to exploit to these systems. These cyber-attacks occur on water infrastructure world-wide and water providers, in order to reduce the risks, need to identify control system asset security vulnerabilities and design, build and maintain a security architecture proportionate to the risk. Human resources are fundamental to these cybersecurity systems and the required emerging job roles require industry specific definition. This paper provides definition on the roles and responsibilities for control system security governance, particularly from the perspective of skills and knowledge and training requirements with a view to addressing leading industry security standards for control systems and practices.
Water Industry Cyber Security Human Resources and Training Needs, International Journal of Engineering Management.
Vol. 4, No. 1,
2020, pp. 11-16.
Copyright © 2020 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/
) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Australian Industry Standards. (2019). Water Industry Reference Committee: Skills Forecast 2019. Retrieved from https://www.australianindustrystandards.org.au/wp-content/uploads/2019/06/nwp_sf2019_final_pages_low_res.pdf.
American Water Works Association. (2019). 2019 AWWA State of the Water Industry Report. Retrieved from https://www.awwa.org/Portals/0/AWWA/ETS/Resources/2019_STATE%20OF%20THE%20WATER%20INDUSTRY_post.pdf.
Germano, J. H. (2018). Cybersecurity Risk & Responsibility in the Water Sector. Denver, CO: AWWA. Retrieved from www.awwa.org/Portals/0/AWWA/Government/AWWACybersecurityRiskandResponsibility.pdf?ver=2018-12-05-123319-013.
Department for Food and Rural Affairs. (2017). Water Sector Cyber Security Strategy: 2017-2021. Water Security and Resilience: London.
Australian Computer Society. (2016). Cybersecurity: Threats, Challenges, Opportunities. Australian Computer Society: Sydney.
Snyder, H. (2019). Literature review as a research methodology: An overview and guidelines. Journal of Business Research, 104, 333-339. https://doi.org/10.1016/j.jbusres.2019.07.039.
Victorian Auditor-General's Office. (2019). Security of Water Infrastructure Control Systems. Victorian Government Printer.
Department of Education, Skills and Employment. (2020). Qualification details: NWP40515 - Certificate IV in Water Industry Operations (Release 2). Retrieved from https://training.gov.au/Training/Details/NWP40515.
Hassanzadeh, A., Rasekh, A., Galelli, S., Aghashahi, M., Taormina, R., Ostfeld, A., & Banks, M. (2019). A Review of Cybersecurity Incidents in the Water Sector. Journal of Environmental Engineering. https://doi.org/10.1061/(ASCE)EE.1943-7870.0001686.
Masud, U. T. (2017). Incorporating Cybersecurity into Water Utility Master Planning: A Strategic, Cost-Effective Approach to Mitigate Control System Risk. Retrieved from https://literature.rockwellautomation.com/idc/groups/literature/documents/wp/water-wp002_-en-e.pdf.
Anderson, N., & Phillips, B. (2013). Water and wastewater SCADA cybersecurity: Strategic approach to water and wastewater network architecture and segmentation. InTech Magazine, Sep-Oct.
Bartlett, S. & Northcott, K. (2019). The Value of Water Industry Operator Competency: The What, Why and How. WaterWorks, November, 11-14.
Brumfield, C. (2020). Attempted cyberattack highlights vulnerability of global water infrastructure. Retrieved from https://www.csoonline.com/article/3541837/attempted-cyberattack-highlights-vulnerability-of-global-water-infrastructure.html.
Amengor, J. (2019). Cyber Security of / for Water Utilities in Africa. Retrieved from https://iwa-network.org/cyber-security-of-for-water-utilities-in-africa/.
Zoe, E. (2019). What you need to know (and do) about cybersecurity training. Retrieved from https://www.efrontlearning.com/blog/2019/03/cyber-security-training-for-employees-101.html.
Brook, C. (2018). What is SCADA Security? Retrieved from https://digitalguardian.com/blog/what-scada-security.
Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., & Hahn, A. (2015). Guide to Industrial Control Systems (ICS) Security: Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC). NIST Special Publication 800-82, Revision 2, National Institute of Standards and Technology, U.S. Department of Commerce.
ELEKS Operations OU. (2019). SCADA Cyber Security Threats and Countermeasures: Ultimate Checklist. Retrieved from https://hackernoon.com/scada-cyber-security-threats-and-countermeasures-ultimate-checklist-f236f56938cd.
Daalder, E. (2020). SCADA Cyber Security Information on Securing SCADA systems. Yokogawa Electric Corporation, Global SCADA Center.