Press Release

Developing Cybersecurity Solutions for Industrial Infrastructures

There are approximately 153,000 public drinking water systems and more than 16,000 publicly owned wastewater treatment systems in the United States, according to the Cybersecurity and Infrastructure Security Agency. A cyberattack on any one of these systems could lead to service outages, damage to critical infrastructure, and even potentially illness and loss of life.

The Johns Hopkins Applied Physics Laboratory (APL) in Laurel, Maryland, has developed a cost-effective cyber-physical security situational awareness capability for industrial control systems and applied it at the Cranberry Water Treatment plant in Westminster, Maryland. The technology is designed to detect and alert operators to malicious activity, such as unauthorized access, malicious code and data exfiltration. It also provides a comprehensive view of the system’s health and performance, allowing operators to quickly identify and address any issues.

This solution combines network fingerprinting, host-based monitoring, digital twin technology, and advanced event correlation and alerting to provide an operator with a detailed understanding of their systems.

“We’ve got a suite of relatively inexpensive tools that these facilities can easily adapt to secure their infrastructure,” said Joe Maurio, chief scientist of the Critical Infrastructure Protection Group in APL’s Asymmetric Operations Sector (AOS). “When implemented, they can make any type of infrastructure — from energy systems to communications systems — more secure and resilient to cyberattack.”

The team worked closely with Cranberry Water Treatment Plant Superintendent Bret Grossnickle, who provided an understanding of plant operations, and with Jack Wilson on technical support for integration with the plant’s operational technology system. The collaboration helped the team refine the system for use in an operational environment and tailor how information is displayed to the operator.

The APL team tested the system by mimicking events, such as an unauthorized USB drive in a local workstation, an attempt to modify the established speed of a chlorine pump above the normal operating range, and the creation of an abnormal network connection to the control network. The APL system successfully detected the unexpected behavior for all of these scenarios during testing.