Increase cybersecurity resilience using advanced data-science techniques for operators training

About the blog

Marcello Michael Serrao
Engineer (PhD) Water Treatment and Data at Suez International (France), my passion lies in developing Smart Tools for Urban Water Management.

The water and wastewater sector is fundamental to providing clean and safe water, maintaining sanitation, and supporting public health, as well as the economic sectors that rely on these services. Therefore, safeguarding critical infrastructure in the water sector is essential to a country's health system and economy, especially against the increasing threat of cyber-attacks. The rapid pace of technological innovation and the growing integration of digital technologies in water utilities have increased their vulnerability to cyber threats.

To address these risks, many countries have implemented national cybersecurity strategies that outline the responsibilities of various levels of government in protecting the water and wastewater sector. However, the effective implementation of these strategies can be complex and challenging, often requiring a tailored approach rather than a one-size-fits-all solution. As Malatji et al. (2021) point out, a governance framework designed to improve resilience against cyber-attacks must be specifically crafted for the water industry through dialogue with local water utilities.

To create a security architecture that matches the level of risk, it is critical to define emerging job roles with industry-specific skill sets and address the training needs of existing personnel. Ensuring that the workforce is equipped with up-to-date security standards and practical experience with best practices is paramount (Skiba, 2020).

Current readiness level of water operators

Water treatment processes and production operations rely on sophisticated process control systems to ensure the continuous and safe production of high-quality water in compliance with regulatory standards. These systems, which include monitoring and data acquisition tools, process control systems, and programmable logic controllers (PLCs), are crucial to maintaining water quality. Over the past few decades, increasing numbers of these systems have been connected to corporate networks and the internet, enabling remote management and monitoring. While this connectivity offers many operational advantages, it also creates numerous potential entry points for cyber attackers to exploit.

Potable water production facilities and distribution networks are especially vulnerable due to their continuous operations and the potential consequences of service disruption or contamination. A disruption or contamination of the water supply could have severe public health implications. As a result, drinking water facilities classified as "sensitive" are subject to stricter security requirements. For example, in France, the water sector is identified as one of twelve critical infrastructure sectors (for more info refer to the site of the French General Secretary of Defense and National Security). Operators of sensitive facilities are required to take additional security measures, such as appointing a security liaison officer, developing an operator security plan, and creating protection plans for critical infrastructure.

Despite increasing awareness of cybersecurity risks, the readiness level of water operators to defend against cyber threats remains uneven across regions. While many water utilities are beginning to focus on cybersecurity, the traditional reliance on passive security measures, such as spam detection software, antivirus protection, and basic network security tools, is no longer sufficient. These systems are designed to mitigate system vulnerabilities but are generally slow to evolve, require significant investment to maintain, and may even introduce new vulnerabilities. Consequently, passive measures are increasingly inadequate against sophisticated, targeted cyber-attacks (Masud, 2017).

Enhancing readiness through active measures involving the operators

Water utilities must prioritize training of operational technology (OT) staff operating industrial control systems (ICS), such as SCADA systems, and the infrastructure data associated with their networks. This training is vital for ensuring business continuity and securing operations.

Unlike passive security measures, active cybersecurity strategies focus on strengthening cyber resilience through improved human decision-making and continuous learning processes. These measures thus require regular training and ongoing motivation of the workforce. In contrast to passive measures, which rely primarily on automated systems, active measures place the responsibility for security in the hands of OT staff. The key benefit of active strategies is their adaptability to unforeseen situations, allowing operators to respond more effectively and mitigate risks in real time.

Applying advanced data-science tools for operator training

The adoption of artificial intelligence (AI) in the water sector is gradually gaining momentum, and future training programs should integrate AI, machine learning algorithms, and simulation models to provide operators with cutting-edge, interactive training experiences. While both passive and active security strategies require initial training, the latter demands continuous education to keep pace with evolving cyber threats.

In-house training is a critical component of enhancing cyber resilience. Water utilities must prioritize training for engineers and OT staff, focusing on advanced data science tools and technologies. One promising approach involves the development of Hybrid Models for water systems, which combine deterministic process equations with AI-driven machine learning models trained on data pattern recognition. This approach allows operators to engage in realistic training scenarios within a safe, controlled environment.

Another promising tool for training is Building Information Modeling (BIM) combined with extended reality (XR). These technologies create dynamic, immersive environments where operators can practice responding to security alerts and alarms in real-time simulations.

However, further research is required to refine these training tools. The ATHENA European research project (2023-2026) is an excellent example of this ongoing effort. ATHENA is funded by the European Union’s Digital Europe Programme (DIGITAL) and aims to develop a European platform for cybersecurity training, response, and preparedness. The project's objective is to create a blueprint for Cyber Security Operations Centers (CSOCs) that promote cross-border, cross-organizational cooperation. The program's key focus areas include:

  • Enhancing situational awareness: By utilizing AI-assisted Cyber Threat Intelligence (CTI) extraction and analytics.
  • Building capabilities: Strengthening abilities to predict, prevent, detect, and respond to emerging cyber threats.
  • Optimizing information sharing: Establishing standardized mechanisms for secure and efficient information exchange.

Through collaboration with European infrastructure partners, academic institutions, and cybersecurity experts, the program is developing specialized training modules for OT personnel. These modules simulate cyber-attacks on critical infrastructure, enabling operators to practice and refine their response strategies in realistic scenarios. The W-SMART association works together with SUEZ, among other key partners in the water sector, to develop online courses, tabletop exercises, and cyber range simulations tailored to water operators. By utilizing advanced training methods like XR, gamification, and other innovative techniques, ATHENA is helping to strengthen the cybersecurity resilience of the water sector.

Take-away message

The key takeaway is that a strong collaboration between IT and OT worlds is crucial for enhancing the preparedness of water operators against cyber threats. This collaboration enables operators to train for real-world scenarios, such as responding to cyber incidents in the control room of a water plant, should a threat materialize. Cyber-attacks are an increasingly significant risk that water utilities must be ready for. Effective cybersecurity requires not only robust software and hardware protections but also specialized human resources with deep knowledge of both operational processes and technology. By utilizing advanced data science tools and hybrid modeling techniques such as digital twins or dynamic BIMs, water utilities can create safe and effective training environments to ensure their operators are prepared for the challenges ahead.

In an era of growing cyber threats, intense collaboration between the operational OT staff and the IT department, together with continuous learning through advanced training technologies built on data-science tools, is key to safeguarding our most vital resource: water.
