Society is now in an era in which climate change and cyber insecurity are regular threats to life and property. In tandem, the two have the potential to be especially deadly.
“There’s evidence that climate change increases the risk of flooding, and the losses due to those floods are growing every year,” says Y.C. Ethan Yang, an associate professor of civil and environmental engineering (CEE) in Lehigh University’s P.C. Rossin College of Engineering and Applied Science. “Scientists have started thinking about compound issues that further exacerbate flooding, like when a hurricane is followed by heavy rainfall.”
Yang and his team, which included Chung-Yi Lin ’23 PhD (now a postdoc at Virginia Tech) and fellow Lehigh CEE faculty member Farrah Moazeni, were interested in studying that one-two punch, and particularly, “what happens when a natural disaster and a man-made disaster happen simultaneously.”
In their case, the man-made disaster was a cyber attack. The result of their study, “Flood Risks of Cyber-Physical Attacks in a Smart Storm Water System,” was recently published in Water Resources Research.
The researchers wanted to understand how vulnerable a smart stormwater system could be to a cyber attack when that same system was simultaneously dealing with storm-induced flooding.
“The idea of the smart city is great, but it opens the door to hackers,” says Yang. “We wanted to know in what flooding scenario a hacker could cause the most harm.”
Yang and his team used historical data from the stormwater management system in Bethlehem Township, Pennsylvania, to build a hydrological model to simulate flooding. They also developed an attack model that mimicked how a hacker might interfere with the system, for instance, by opening or closing gates that control water levels in retention ponds.
The researchers wanted to understand how vulnerable a smart stormwater system could be to a cyber attack when that same system was simultaneously dealing with storm-induced flooding
They combined the data with the models to run simulations under various climate change impact scenarios (e.g., the impact of increasingly higher average global temperatures) to evaluate the conditions in which a hacker might have the greatest impact on a stormwater system, thereby increasing a community’s flood risk.
“We found that if a flooding event is big enough, say there’s a Category 5 hurricane, a hacker isn’t going to increase the risk, because the system is going to flood anyway,” says Yang. “The most vulnerable condition, however, is during low- to mid-level flooding events. The system should be able to handle those events. But if someone intentionally opens a gate at the wrong time, it will overwhelm the system and cause a flood downstream. We were able to quantify and show through visualizations this additional flooding risk caused by a cyber attack.”
The results have already prompted two additional projects: One will explore how to prevent such interference, and the second will examine the cascading effects within a flooded community, specifically how different groups of people are affected.
“We know that affluent people tend to suffer larger losses in terms of absolute numbers,” he says. “But socially vulnerable groups tend to suffer a greater percentage of total loss.”
Yang hopes the mathematical framework he and his team developed for this project will be adopted by other communities across the country and around the world.
“We developed a procedure that can now allow any municipality to identify the vulnerabilities within their stormwater systems,” he says. “As long as you have the data, the method is universal.”