Developing Cybersecurity Solutions for Industrial Infrastructures
Cranberry Water Treatment Plant Superintendent Bret Grossnickle, shown here inspecting water treatment equipment in the facility.
Wed, 04/19/2023 - 15:40
There are approximately 153,000 public drinking water systems and more than 16,000 publicly owned wastewater treatment systems in the United States, according to the Cybersecurity and Infrastructure Security Agency. A cyberattack on any one of these systems could lead to service outages, damage to critical infrastructure, and even potentially illness and loss of life.
The Johns Hopkins Applied Physics Laboratory (APL) in Laurel, Maryland, has developed a cost-effective cyber-physical security situational awareness capability for industrial control systems and applied it at the Cranberry Water Treatment plant in Westminster, Maryland. The technology is designed to detect and alert operators to malicious activity, such as unauthorized access, malicious code and data exfiltration. It also provides a comprehensive view of the system’s health and performance, allowing operators to quickly identify and address any issues.
This solution combines network fingerprinting, host-based monitoring, digital twin technology, and advanced event correlation and alerting to provide an operator with a detailed understanding of their systems.
“We’ve got a suite of relatively inexpensive tools that these facilities can easily adapt to secure their infrastructure,” said Joe Maurio, chief scientist of the Critical Infrastructure Protection Group in APL’s Asymmetric Operations Sector (AOS). “When implemented, they can make any type of infrastructure — from energy systems to communications systems — more secure and resilient to cyberattack.”
The team worked closely with Cranberry Water Treatment Plant Superintendent Bret Grossnickle, who provided an understanding of plant operations, and with Jack Wilson on technical support for integration with the plant’s operational technology system. The collaboration helped the team refine the system for use in an operational environment and tailor how information is displayed to the operator.
The APL team tested the system by mimicking events, such as an unauthorized USB drive in a local workstation, an attempt to modify the established speed of a chlorine pump above the normal operating range, and the creation of an abnormal network connection to the control network. The APL system successfully detected the unexpected behavior for all of these scenarios during testing.
APL’s Alex Beall (left) and Joe Maurio (center) worked closely with Grossnickle (right), who provided an understanding of plant operations.
Credit: Johns Hopkins APL
To help keep water safe as it travels to homes and businesses, water treatment plants ensure that the water has low levels of a chemical disinfectant when it leaves the treatment plant. This remaining disinfectant kills germs living in the pipes between the water treatment plant and your tap.
“There are several potential impacts from a compromised water treatment plant, such as loss of drinking water, basic sanitation and fire protection,” Maurio said. “There could also be surface water contamination that leads to public health and environmental protection crises, as well as economic impact to agriculture and manufacturing.”
Maurio noted that many smaller water treatment facilities around the country don’t have the staff or resources to devote to a comprehensive cybersecurity program, focusing instead on operating the plant to provide clean drinking water. But attempted cyberattacks on water systems are occurring with increasing frequency, according to the Environmental Protection Agency.
“Some of these smaller facilities serve 10,000 or more citizens,” Maurio said. “That is a lot of people at risk if something goes wrong. Clearly, there is a compelling and urgent need to provide this infrastructure sector with cost-effective and comprehensive solutions to secure their control systems from cyber threats.”
Test Case at Cranberry
AOS’s Critical Infrastructure Protection Group — Maurio, Alex Beall, Daniel Davenport, Carolyn Hughes, Ryan Silva and Victor Zhu — developed a solution to this pressing problem that builds on More Situational Awareness for Industrial Control Systems (MOSAICS), previous Laboratory work aimed at integrating various technologies to provide a comprehensive situational awareness and response capability for industrial control systems.
The Cranberry Water Treatment Plant, which serves about 30,000 residents, allowed the team to assemble a Cyber-Physical Situational Awareness Toolkit as a combined software solution. It features a suite of cybersecurity tools developed specifically for industrial control systems and consists of two parts: the Cyber Situational Awareness Kit (Cyber Kit) and the Physical Situational Awareness Kit (Physical Kit).
These two halves are joined in a security information and event management tool that processes and analyzes system and network events, ultimately providing operators with an aggregated and correlated view of the systems’ cyber state. The system leverages several APL-developed technologies, including DISCO (Distributed Integrity System Check Overlay), which deploys a series of intelligent checker modules within a system to monitor its behavior and evaluate its integrity, and PICA-D (Physics Informed Cyber Attack Detection), which enables the widespread adoption of physics-based attack detection in infrastructure systems by reducing adoption costs via automation.
The kit also leverages affordable, commercial off-the-shelf technologies, including Elasticsearch, which aggregates cyber data from hosts into a central location, and Kibana, a real-time data analysis tool and dashboard.
APL’s solution is designed to be easy to deploy and maintain, cost-effective and scalable, allowing it to be used in a variety of different environments. Maurio said this system is one example of how the MOSAICS reference architecture can be adapted for a control system of any size.
The Applied Physics Laboratory, a not-for-profit division of The Johns Hopkins University, meets critical national challenges through the innovative application of science and technology. For more information, visit www.jhuapl.edu.