## *4.5. Security Frameworks*

Modern water treatment infrastructures consist of interconnected systems layered in a hierarchy, such as a supervisory layer consisting of SCADA systems, and a control layer composed of PLCs, sensors and actuators. Data flows occur between these layers via multiple communication networks. Mathur [113] proposes a multilayer security framework composed of seven layers of countermeasures applied to different network layers to secure water treatment systems. Proposed countermeasures include attack prevention mechanisms (firewalls), attack detection mechanisms (intrusion detection systems, process anomaly detection), and post-attack mechanisms that could bring the process back to a normal or manageable state. A partial implementation of the proposed framework was tested on the SWaT testbed.

## *4.6. Security Benchmarks and Case Studies*

TNO (Netherlands Organisation for Applied Scientific Research, an independent research organisation) and the NICC (the Netherlands Infrastructure Cybercrime unit) carried out a study [114] to understand the current state of cyber-security of process control in the drinking water sector in the Netherlands. The researchers report that a large variance in security posture was found among organisations; the data collected exposed serious weaknesses in each company. As the study contained sensitive national data, confidentiality of the organisations was maintained and the reported analyses were based on artificially aggregated data. The study was effective and resulted in the development of good practices for SCADA security for drinking water organisations, which are available in both Dutch and English [115]. Building on this work, Burghouwt et al. [116] measured the cybersecurity state of the 19 water management organisations in the Netherlands through an improved questionnaire. The researchers identified a lack of uniformity in security postures between organisations, partly due to ineffective management of security responsibilities. They designed and built DESI [116], a simulator to demonstrate cyber–physical attack scenarios and improve cyber-attack knowledge.

A case study in [117], conducted on the WADI testbed, investigated access control mechanisms in industrial control systems to show how the lack of effective access control could lead to malicious behaviour. The researchers revealed that a lack of access control in the network protocols, systems and field devices used in ICS makes these systems vulnerable to attacks.

A critical case study for the security of water systems is the Maroochy water breach incident. Slay and Miller [29] discuss this incident and report the lessons learned, emphasising the need for effective, reliable and economically viable security countermeasures, including intrusion detection systems for SCADA networks, better management of security policies and procedures, investment in security training for staff, and a wider and sustainable collaboration between academia, industry, vendors and government agencies to tackle existing and future security threats.
