| Peer-Reviewed

Water Industry Cyber Security Human Resources and Training Needs

Received: 28 June 2020     Accepted: 15 July 2020     Published: 23 July 2020
Views:       Downloads:
Abstract

Cyber-attacks are a growing and persistent threat to water infrastructure, including drinking water and wastewater systems. Water infrastructure uses a number of technical control systems to manage and track infrastructure properties, including hardware and software, such as monitoring and data acquisition systems, process control systems, and other devices, such as programmable logic controllers, that control data gathering equipment and information technology. As these systems become more connected to corporate systems and the internet, security approaches are needed equally across both the control system and the corporate network infrastructure, as there are many potential entry points for cyber attackers to exploit to these systems. These cyber-attacks occur on water infrastructure world-wide and water providers, in order to reduce the risks, need to identify control system asset security vulnerabilities and design, build and maintain a security architecture proportionate to the risk. Human resources are fundamental to these cybersecurity systems and the required emerging job roles require industry specific definition. This paper provides definition on the roles and responsibilities for control system security governance, particularly from the perspective of skills and knowledge and training requirements with a view to addressing leading industry security standards for control systems and practices.

Published in International Journal of Engineering Management (Volume 4, Issue 1)
DOI 10.11648/j.ijem.20200401.12
Page(s) 11-16
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2020. Published by Science Publishing Group

Keywords

Cyber Security, Cyber Attacks, Risk Mitigation, Critical Infrastructure, Water Industry, Scada, Supervisory Control and Data Acquisition

References
[1] Australian Industry Standards. (2019). Water Industry Reference Committee: Skills Forecast 2019. Retrieved from https://www.australianindustrystandards.org.au/wp-content/uploads/2019/06/nwp_sf2019_final_pages_low_res.pdf.
[2] American Water Works Association. (2019). 2019 AWWA State of the Water Industry Report. Retrieved from https://www.awwa.org/Portals/0/AWWA/ETS/Resources/2019_STATE%20OF%20THE%20WATER%20INDUSTRY_post.pdf.
[3] Germano, J. H. (2018). Cybersecurity Risk & Responsibility in the Water Sector. Denver, CO: AWWA. Retrieved from www.awwa.org/Portals/0/AWWA/Government/AWWACybersecurityRiskandResponsibility.pdf?ver=2018-12-05-123319-013.
[4] Department for Food and Rural Affairs. (2017). Water Sector Cyber Security Strategy: 2017-2021. Water Security and Resilience: London.
[5] Australian Computer Society. (2016). Cybersecurity: Threats, Challenges, Opportunities. Australian Computer Society: Sydney.
[6] Snyder, H. (2019). Literature review as a research methodology: An overview and guidelines. Journal of Business Research, 104, 333-339. https://doi.org/10.1016/j.jbusres.2019.07.039.
[7] Victorian Auditor-General's Office. (2019). Security of Water Infrastructure Control Systems. Victorian Government Printer.
[8] Department of Education, Skills and Employment. (2020). Qualification details: NWP40515 - Certificate IV in Water Industry Operations (Release 2). Retrieved from https://training.gov.au/Training/Details/NWP40515.
[9] Hassanzadeh, A., Rasekh, A., Galelli, S., Aghashahi, M., Taormina, R., Ostfeld, A., & Banks, M. (2019). A Review of Cybersecurity Incidents in the Water Sector. Journal of Environmental Engineering. https://doi.org/10.1061/(ASCE)EE.1943-7870.0001686.
[10] Masud, U. T. (2017). Incorporating Cybersecurity into Water Utility Master Planning: A Strategic, Cost-Effective Approach to Mitigate Control System Risk. Retrieved from https://literature.rockwellautomation.com/idc/groups/literature/documents/wp/water-wp002_-en-e.pdf.
[11] Anderson, N., & Phillips, B. (2013). Water and wastewater SCADA cybersecurity: Strategic approach to water and wastewater network architecture and segmentation. InTech Magazine, Sep-Oct.
[12] Bartlett, S. & Northcott, K. (2019). The Value of Water Industry Operator Competency: The What, Why and How. WaterWorks, November, 11-14.
[13] Brumfield, C. (2020). Attempted cyberattack highlights vulnerability of global water infrastructure. Retrieved from https://www.csoonline.com/article/3541837/attempted-cyberattack-highlights-vulnerability-of-global-water-infrastructure.html.
[14] Amengor, J. (2019). Cyber Security of / for Water Utilities in Africa. Retrieved from https://iwa-network.org/cyber-security-of-for-water-utilities-in-africa/.
[15] Zoe, E. (2019). What you need to know (and do) about cybersecurity training. Retrieved from https://www.efrontlearning.com/blog/2019/03/cyber-security-training-for-employees-101.html.
[16] Brook, C. (2018). What is SCADA Security? Retrieved from https://digitalguardian.com/blog/what-scada-security.
[17] Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., & Hahn, A. (2015). Guide to Industrial Control Systems (ICS) Security: Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC). NIST Special Publication 800-82, Revision 2, National Institute of Standards and Technology, U.S. Department of Commerce.
[18] ELEKS Operations OU. (2019). SCADA Cyber Security Threats and Countermeasures: Ultimate Checklist. Retrieved from https://hackernoon.com/scada-cyber-security-threats-and-countermeasures-ultimate-checklist-f236f56938cd.
[19] Daalder, E. (2020). SCADA Cyber Security Information on Securing SCADA systems. Yokogawa Electric Corporation, Global SCADA Center.
Cite This Article
  • APA Style

    Richard Skiba. (2020). Water Industry Cyber Security Human Resources and Training Needs. International Journal of Engineering Management, 4(1), 11-16. https://doi.org/10.11648/j.ijem.20200401.12

    Copy | Download

    ACS Style

    Richard Skiba. Water Industry Cyber Security Human Resources and Training Needs. Int. J. Eng. Manag. 2020, 4(1), 11-16. doi: 10.11648/j.ijem.20200401.12

    Copy | Download

    AMA Style

    Richard Skiba. Water Industry Cyber Security Human Resources and Training Needs. Int J Eng Manag. 2020;4(1):11-16. doi: 10.11648/j.ijem.20200401.12

    Copy | Download

  • @article{10.11648/j.ijem.20200401.12,
      author = {Richard Skiba},
      title = {Water Industry Cyber Security Human Resources and Training Needs},
      journal = {International Journal of Engineering Management},
      volume = {4},
      number = {1},
      pages = {11-16},
      doi = {10.11648/j.ijem.20200401.12},
      url = {https://doi.org/10.11648/j.ijem.20200401.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ijem.20200401.12},
      abstract = {Cyber-attacks are a growing and persistent threat to water infrastructure, including drinking water and wastewater systems. Water infrastructure uses a number of technical control systems to manage and track infrastructure properties, including hardware and software, such as monitoring and data acquisition systems, process control systems, and other devices, such as programmable logic controllers, that control data gathering equipment and information technology. As these systems become more connected to corporate systems and the internet, security approaches are needed equally across both the control system and the corporate network infrastructure, as there are many potential entry points for cyber attackers to exploit to these systems. These cyber-attacks occur on water infrastructure world-wide and water providers, in order to reduce the risks, need to identify control system asset security vulnerabilities and design, build and maintain a security architecture proportionate to the risk. Human resources are fundamental to these cybersecurity systems and the required emerging job roles require industry specific definition. This paper provides definition on the roles and responsibilities for control system security governance, particularly from the perspective of skills and knowledge and training requirements with a view to addressing leading industry security standards for control systems and practices.},
     year = {2020}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Water Industry Cyber Security Human Resources and Training Needs
    AU  - Richard Skiba
    Y1  - 2020/07/23
    PY  - 2020
    N1  - https://doi.org/10.11648/j.ijem.20200401.12
    DO  - 10.11648/j.ijem.20200401.12
    T2  - International Journal of Engineering Management
    JF  - International Journal of Engineering Management
    JO  - International Journal of Engineering Management
    SP  - 11
    EP  - 16
    PB  - Science Publishing Group
    SN  - 2640-1568
    UR  - https://doi.org/10.11648/j.ijem.20200401.12
    AB  - Cyber-attacks are a growing and persistent threat to water infrastructure, including drinking water and wastewater systems. Water infrastructure uses a number of technical control systems to manage and track infrastructure properties, including hardware and software, such as monitoring and data acquisition systems, process control systems, and other devices, such as programmable logic controllers, that control data gathering equipment and information technology. As these systems become more connected to corporate systems and the internet, security approaches are needed equally across both the control system and the corporate network infrastructure, as there are many potential entry points for cyber attackers to exploit to these systems. These cyber-attacks occur on water infrastructure world-wide and water providers, in order to reduce the risks, need to identify control system asset security vulnerabilities and design, build and maintain a security architecture proportionate to the risk. Human resources are fundamental to these cybersecurity systems and the required emerging job roles require industry specific definition. This paper provides definition on the roles and responsibilities for control system security governance, particularly from the perspective of skills and knowledge and training requirements with a view to addressing leading industry security standards for control systems and practices.
    VL  - 4
    IS  - 1
    ER  - 

    Copy | Download

Author Information
  • LRES Training Management, Melbourne, Australia

  • Sections