Methodology to enhance security of water utility system through RTU hardening
Date
2022
Authors
Davies, Augustus William, author
Chandrasekhar, V., advisor
Dubow, Joel, committee member
Borky, John, committee member
Weinberger, Christopher, committee member
Journal Title
Journal ISSN
Volume Title
Abstract
Water utility security is becoming a focus of critical infrastructure security. The Environmental Protection Agency (EPA) and the White House recently launched a cyber security plan for the water sector [1]. "Cyberattacks represent an increasing threat to water systems and thereby the safety and security of our communities," said EPA Administrator Michael S. Regan. "As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America. EPA is committed to working with our federal partners and using our authorities to support the water sector in detecting, responding to, and recovering from cyber incidents." [1]. Yet it is not just cyberattacks. As demonstrated in this dissertation, water utilities are vulnerable to physical and human attacks. The water utility subsystem, in direct contrast with sensors and actuators that monitor, meter, and treat water and wastewater, is the RTUs (Remote Telemetry Unit). This subsystem controls the engineering devices, meters, and control systems the water utility uses to supply water and treat wastewater. These devices are distributed within the area served by the Utility. The RTU aggregates data from the Utility operational subsystems assigned to it and transmits it to the Main Telemetry Unit (MTU) and from there to the Supervisory Control and Data Acquisition (SCADA) system. A typical Metropolitan water utility has around 100 RTU, 2 MTU, and 1 SCADA. Preventing and reducing the impacts of exploits of RTU vulnerabilities are the focus of this study. To attain this goal, a design methodology was created that resulted in a hardened RTU that was constrained to be used within existing water utilities. The performance of the enhanced RTU was compared to the existing standard RTU under normal operating conditions and an attack. The results show the value of the enhanced RTU. The enhanced RTU responded faster, restored operations faster, and prevented physical and cyber-attacks.
Description
Rights Access
Subject
RTU hardening
SCADA
water utility system
RTU vulnerabilities
RTU enhancement
water security