**6. Conclusions**

In this paper, we have systematically reviewed the existing peer-reviewed research efforts to secure water systems, and have identified limitations in those research efforts and possible future directions for securing next generation of smart water CPS. This study provides guidance for understanding the existing security research for developing secure smart water systems.

In comparison to other utilities such as electricity, the security of water systems has not received much research attention in the past, but this is changing, and there has been an increase in the number of studies since 2016 supported by EC research and innovation funding programs and international funding opportunities. The studies reviewed in this paper are encouraging, but they require further work for validation and deployment on real water systems. Most of the existing studies, including testbeds, simulation tools and datasets, have focused on drinking water treatment, supply and distribution. Further studies are required to build testbeds, simulation and datasets that investigate security of non-drinking water sectors such as wastewater treatment systems, stormwater management and systems for agriculture and irrigation.

Finally, development of a comprehensive usable security framework that covers different aspects of security, from prevention to detection, response and mitigation requires a multidisciplinary approach involving academia-industry-government cooperation.

**Author Contributions:** Conceptualization, N.T., S.H. and J.W.; methodology, N.T. and S.H.; data curation, N.T.; writing—original draft preparation, N.T.; writing—review and editing, N.T., P.H., S.H. and J.W.; visualization, N.T. and P.H.; supervision, S.H. and J.W. All authors have read and agreed to the published version of the manuscript.

**Funding:** This research was funded by the UK Engineering and Physical Sciences Research Council (EPSRC), under The PETRAS National Centre of Excellence for loT Systems Cybersecurity, grant number EP/S035362/1.

**Institutional Review Board Statement:** Not applicable.

**Informed Consent Statement:** Not applicable.

**Data Availability Statement:** Not applicable.

**Conflicts of Interest:** The authors declare no conflict of interest.

#### **References**

