*4.1. Publication Trends*

Figure 5 shows the application domains of the security studies. The majority of studies were carried out on drinking water systems: 39 studies focused on security of water distribution systems (WDS) including water distribution networks; 3 studies included water supply and distribution systems; and 2 studies focused on water supply systems. Another 16 studies investigated security of drinking water treatment systems. Only four studies focused on non-drinking water systems: 3 studies focused on canal automation systems used for irrigation; and one study covered wastewater systems. There is a clear imbalance between studies covering water systems designed to provide drinking water versus those designed for other forms of water.

**Figure 5.** Application domains.

Figure 6 shows the timeline of publication. The earliest publication found dates from 2004, but most of the research effort (56 papers) was published after 2015. Answering **RQ1**, there has been increasing interest in the security of water systems over the years, likely as a result of the emergence of new resources and corresponding effort that made use of them.

These resources include the deployment of two important testbeds: the Secure Water Treatment (SWaT) testbed [43] and water distribution testbed (WADI) [44], and associated datasets [45] at the iTrust Centre for research in cyber-security at Singapore University of Technology and Design [46], and the BATADAL (BATtle of the Attack Detection Algorithms) competition organised by iTrust center and their international collaborators [47] to detect cyber-attacks against water distribution systems (WSD). This corresponds to a period (post 2016) in which associated open-source attack detection has become more available and European Commission (EC) projects such as FACIES (online identification of Failure and Attack on interdependent Critical InfrastructurES) [48] and STOP-IT [49] have been investigating physical and cyber-security of critical water infrastructures. This trend is supported by the number of publications per country involved in these projects.

**Figure 6.** Number of publications over the years.

Figure 7 shows the distribution of studies per country based on the location of the authors. If the authors of the publication were located in multiple countries, for example several authors from Singapore and one author from Israel, both countries were added to the statistics. Figure 7 provides an answer to **RQ2** indicating that most of the existing research has been carried out by authors in countries that have made investments in this area: Singapore and their collaborators (Israel, USA) and countries involved in projects funded by the EC.

**Figure 7.** Country of publication based on location of authors.

Figure 8 shows the results to answer **RQ3**. Most of the research has been carried out by academia (85.1%); 6.8% was based in private organisations that provide security consulting services; 6.8% is provided by independent or public funded research organisations; and one paper (1.4%) was supported by a government agency. Interestingly, we failed to identify any research papers that were co-written with authors from water companies.

Figure 9 illustrates the distribution of publications based on venue type. Most publications (54.7%) were published in conferences, 31.2% were published in journals and the remaining 14.1% were published in workshops. Table 3 shows the publication venues for these papers. To answer **RQ4**, the most targeted conference is the World Environmental and Water Resources Congress with 11 papers published; the remaining conference papers were published in a wide range of conferences. The International Workshop on Cyber–Physical Systems for Smart Water Networks, which was established in 2015 and brings together researchers and engineers working on smart water systems, is the most targeted workshop. The most popular journal targeted for publishing security-related papers for water systems is the Journal of Water Resources Planning and Management, published by the American Society of Civil Engineers since the early 1990s. There was not enough data to reliably investigate the role of the conference and journal influencing the publication citations.

**Figure 9.** Venues for publication.

Figure 10 shows the results for **RQ5**, the security aspects covered by the publications. Most of the existing work focuses on detection mechanisms. The availability of datasets such as SWaT and WADI [45] has encouraged more research in this area. 31 papers

investigated detection models; 10 papers investigating attacks against water systems and determining their impact; 9 papers on simulation or testbeds; 5 papers used modelling approaches for security analysis; 3 papers developed approaches for risk and resilience management; 2 papers were on datasets; 2 papers covered case studies; 2 papers examined benchmarking; a single paper addressed the development of a security framework; and another paper looked at improving security monitoring capabilities for water systems. In the following sections, we introduce the security aspects covered by the publications and provide a review.

**Figure 10.** Security aspects covered by publication.



#### **Table 3.** *Cont.*
