Enhancing Water-Distribution System Security through Modeling

Abstract

Listen

Translate article

Since the early days of King Hezekiah late 8th century to early 7th century BCE , who constructed a 533 m underground tunnel to channel the Gihon Spring outside Jerusalem into the city as part of his war against Sennacherib, water resources systems have been the subject of threats and conflicts throughout history, with diverse intensities Gleick 1998 . Following the events of September 11, 2001, in the United States, the world’s public awareness about possible terrorist attacks on water-supply systems has increased dramatically, causing the security of drinking-water distribution systems to become a major concern around the globe. A drinking-water distribution system typically consists of tanks, pipes, and pumps that deliver treated water from treatment plants to consumers. Even a moderate system may contain hundreds of kilometers of pipes and numerous delivery points, making such a system inherently vulnerable. The threats to a water-distribution system can be partitioned into three major groups according to the methods neccessary for enhancing their security: 1 a direct attack on the main infrastructure: dams, treatment plants, storage reservoirs, pipelines, etc.; 2 a cyber attack disabling the functionality of the water utility supervisory control and data acquisition SCADA system, taking over control of key components that might result in water outages or insufficiently treated water, or changing or overriding protocol codes, etc.; and 3 a deliberate chemical or biological contaminant injection at one of the system’s nodes. The threat of a direct attack on major water-supply-system infrastructure is addressed by improving the system’s physical security for example, with additional alarms, locks, fencing, surveillance cameras, or guards , which can be assessed by comparing the resulting degree of risk reduction to cost. The American Water Works Association AWWA provided comprehensive physical security guidance AWWA 2004 aimed at helping water utilities tailor a physical security policy to their specific needs. The threat of a cyber attack can be minimized by employing several basic activities, such as establishing an optical isolator between communication networks, allowing for one-way data traffic only, using a router to restrict data transfer to a small number of destinations as regulated by an access control list ACL ; using firewalls; installing antivirus software on all servers and workstations and configuring for daily virus pattern updates; restricting access to the SCADA control room; and so on AWWA 2004 .