Water Infrastructure Research Paper
Description the water infrastructure consists of built to pump, divert, transport, store, treat, and deliver safe drinking water. The infrastructure consists of a large number of of groundwater wells, surface-water intakes, dams, reservoirs, storage tanks, drinking-water facilities, pipes, and aqueducts. Briefly I'll give you a quick rundown on how the service is provided.
The groundwater naturally is stored in underground geologic formations, and is pumped from its subterranean source via a single well or multiple wells. Surface water can be accessed via an intake pipe in a river, canal, large lake, or artificial reservoir. In some rivers, low-head dams may be used to pool the water for more efficient withdrawal. In other cases, large …show more content…
dams have been constructed to impound water on a large scale, thereby ensuring a reliable water supply throughout the year, and from year to year.
Regardless of the water source the water is then transported via pumps and pipes usually first to a water treatment plant at which point it is treated (if required) so that it meets the necessary drinking-water standards.
Once treated the Water may be stored in underground or above-ground tanks. Storage most commonly is used for two reasons:
(1) to provide adequate contact time for disinfection; and
(2) to provide for peak demand, when customer demand may exceed what the pumping system can supply (e.g., in the morning when most people are showering and preparing breakfast).
The last component is the distribution system that moves the treated water throughout the community. The finished water often is stored in treated water reservoirs until it is needed for residential, industrial, municipal, or agricultural uses.
So now that we have discussed the processes necessary to get the water from the storage facility we can now discuss the IT systems that are required to keep the process going.
* Monitoring systems - which keep track of the water …show more content…
levels * Pumping systems - enable to see the current water flow and locations where the water is going * Pipe monitoring - allowing to shutdown certain pipe lines if over a certain % lost threshold, which may indicate a damaged pipeline. * treatment systems - ensure that the water passing through the plant meets the defined drinking water standards.
* communication systems are also used to relay information with regards to subsystems to the appropriate department. Tho not all of the communication systems are required to be operational these include: * email * billing * website
Other systems that are used but not essential to the operation of the water facility include: * accounting systems (payroll, billing) * personal information (customers, employees)
Possible types of attack
* Denial of Service attack * Gain access to mains water pipe lines locations * Access to financial information * Access to employees and customer information * Attack on water monitoring systems * Attack on water maintenance systems * Attack on the water treatment systems * Opening Spillway gates * Affecting Pumping stations * Opening and closing major valves
Possible Risks
Denial of Service attack -
If attackers were to launch a DoS / DDoS attack, the effect would only be left by users trying to access the SA Water site, depending on the length of the DoS business would be able to continue as usual, but prolonged DoS attacks may affect the payment of bills but not the running of the CI.
Gain access to mains water pipe lines locations -
Attackers may access the system to find locations of mains water pipes, once found they may damage the pipes directly which would be disastrous for the affected areas. This area of water system is not secure enough. Pipe lines are spread over thousands of miles of area. They may add chemicals / poisons to the water supply and cause harm to hundreds of thousands of users in the affected areas.
Access to financial information -
Once attackers gain access they would be able to download all of the financial data and use that to divert funds to other accounts or they can just drain all of the accounts. Along with stealing money they could change data which would compromise the integrity of the entire system.
Access to employees and customer information -
If Attackers gain access to the employee and customer information they would be able to steal names, addresses and banking information.
This information could then be sold off to others, to be used in identity theft, having their money stolen or being added to various mailing lists.
Attack on water monitoring systems -
If attackers were able to access the water monitoring systems there is potential for chaos as they could change the values to lower or higher readings, if higher readings were input this could result in a purge of some water to stop the reservoirs from over flowing. Once the monitoring system has been changed it will be hard to know for sure how much water is available to the public.
Attack on water maintenance systems -
Attackers could change information regarding when maintenance is due to take place, what work is to be done and could even pose as the maintenance team and damage the pumps or lines. From this system it is likely that water areas could be marked to be shutdown due to maintenance causing issues for the affected areas.
Attack on the water treatment systems
-
Should attackers gain access to the water treatment systems this would allow them to change the standards of useable water. They could add chemicals, poisons and contaminants in water. This could lead to sickness for those affected.
Opening Spillway gates - spillway gates to cause significant flooding downstream, or try to flood the dam itself to interrupt power generation.
Affecting Pumping stations - Loss of flow and pressure would not only affect water customers, but wreak havoc with fire fighting abilities as well.
Opening and closing major valves - if terrorists were able to rapidly open or close major valves—an action that would result in numerous main breaks throughout the system.
Possible scenario ideas
Water resources and water systems are viewed as targets for terrorist attacks for the same reasons they are targets during periods of war. Water resources are a prime infrastructure target for destruction or compromise by terrorist acts. For example, terrorists could attempt to blow up a dam to flood a particular area. However, it would take a very concerted effort to blow up a large dam.
However, they could target the spillway gates to cause significant flooding downstream, or try to flood the dam itself to interrupt power generation. Pumping stations could also be targeted. Loss of flow and pressure would not only affect water customers, but wreak havoc with fire fighting abilities as well. Chemical containers, used in water treatment processes, could also be targeted. Another concern is if terrorists were able to rapidly open or close major valves—an action that would result in numerous main breaks throughout the system.
Backflow also is a serious concern. A public water system has relatively unprotected access to the distribution system at certain locations. Given sufficient understanding of water systems, a terrorist could distribute toxic chemicals throughout a neighbourhood or pressure zone without detection in most places. These potential actions would rival natural disasters in the stresses they would place on those responsible for the systems and those receiving services from them. Another utility that could be affected include hydro electric plants, but this is a not a huge issue as Australia as a whole with the exception of Tasmania, does not have enough rainfall or the right topography to provide sufficient hydro-electric potential to fulfil all its needs. But i digress.
Risk Analysis
Description of Risk | Impact or consequence (severity) | Likelihood/ Probability | Grade | Risk Tolerance | Control technique –mitigation | Contingency plan | Denial of Service attack | Low | Medium | C | Y | | TBD - Week 7 | Location of mains pipe lines | Medium | Low | D | Y* | | TBD - Week 7 | Access to financial information | Medium | Low | D | Y | | TBD - Week 7 | Access to employees and customer information | Medium | Low | D | Y | | TBD - Week 7 | Attack on water monitoring systems | Extreme | Low | A | Y** | | TBD - Week 7 | Attack on maintenance systems | Extreme | Low | A | Y** | | TBD - Week 7 | Attack on water treatment systems | Extreme | Low | A | Y** | | TBD - Week 7 | Opening Spillway Gates | High | Low | C | Y | | TBD - Week 7 | Affecting Pumping Stations | Extreme | Low | A | Y** | | TBD - Week 7 | Opening and closing major valves | Extreme | Low | A | Y** | | TBD - Week 7 |
* Risk Tolerances will vary depending upon length of interruption
**depending upon what actually occur
Key to Risk Rating Symbols used: Rating for Likelihood and Severity for each risk | L | Rated as Low | E | Rated as Extreme (Used for Seriousness only) | M | Rated as Medium | NA | Not Assessed | H | Rated as High | | |
Grade: Combined effect of Likelihood/Severity | | Seriousness | Likelihood | | low | medium | high | EXTREME | | low | N | D | C | A | | medium | D | C | B | A | | high | C | B | A | A |
Recommended actions for grades of risk | Grade | Risk mitigation actions | A | Mitigation actions to reduce the likelihood and seriousness to be identified and implemented as soon as possible. | B | Mitigation actions to reduce the likelihood and seriousness to be identified and appropriate actions implemented. | C | Mitigation actions to reduce the likelihood and seriousness to be identified and costed for possible action if funds permit. | D | To be noted - no action is needed unless grading increases over time. | N | To be noted - no action is needed unless grading increases over time. |
The groundwater naturally is stored in underground geologic formations, and is pumped from its subterranean source via a single well or multiple wells. Surface water can be accessed via an intake pipe in a river, canal, large lake, or artificial reservoir. In some rivers, low-head dams may be used to pool the water for more efficient withdrawal. In other cases, large …show more content…
dams have been constructed to impound water on a large scale, thereby ensuring a reliable water supply throughout the year, and from year to year.
Regardless of the water source the water is then transported via pumps and pipes usually first to a water treatment plant at which point it is treated (if required) so that it meets the necessary drinking-water standards.
Once treated the Water may be stored in underground or above-ground tanks. Storage most commonly is used for two reasons:
(1) to provide adequate contact time for disinfection; and
(2) to provide for peak demand, when customer demand may exceed what the pumping system can supply (e.g., in the morning when most people are showering and preparing breakfast).
The last component is the distribution system that moves the treated water throughout the community. The finished water often is stored in treated water reservoirs until it is needed for residential, industrial, municipal, or agricultural uses.
So now that we have discussed the processes necessary to get the water from the storage facility we can now discuss the IT systems that are required to keep the process going.
* Monitoring systems - which keep track of the water …show more content…
levels * Pumping systems - enable to see the current water flow and locations where the water is going * Pipe monitoring - allowing to shutdown certain pipe lines if over a certain % lost threshold, which may indicate a damaged pipeline. * treatment systems - ensure that the water passing through the plant meets the defined drinking water standards.
* communication systems are also used to relay information with regards to subsystems to the appropriate department. Tho not all of the communication systems are required to be operational these include: * email * billing * website
Other systems that are used but not essential to the operation of the water facility include: * accounting systems (payroll, billing) * personal information (customers, employees)
Possible types of attack
* Denial of Service attack * Gain access to mains water pipe lines locations * Access to financial information * Access to employees and customer information * Attack on water monitoring systems * Attack on water maintenance systems * Attack on the water treatment systems * Opening Spillway gates * Affecting Pumping stations * Opening and closing major valves
Possible Risks
Denial of Service attack -
If attackers were to launch a DoS / DDoS attack, the effect would only be left by users trying to access the SA Water site, depending on the length of the DoS business would be able to continue as usual, but prolonged DoS attacks may affect the payment of bills but not the running of the CI.
Gain access to mains water pipe lines locations -
Attackers may access the system to find locations of mains water pipes, once found they may damage the pipes directly which would be disastrous for the affected areas. This area of water system is not secure enough. Pipe lines are spread over thousands of miles of area. They may add chemicals / poisons to the water supply and cause harm to hundreds of thousands of users in the affected areas.
Access to financial information -
Once attackers gain access they would be able to download all of the financial data and use that to divert funds to other accounts or they can just drain all of the accounts. Along with stealing money they could change data which would compromise the integrity of the entire system.
Access to employees and customer information -
If Attackers gain access to the employee and customer information they would be able to steal names, addresses and banking information.
This information could then be sold off to others, to be used in identity theft, having their money stolen or being added to various mailing lists.
Attack on water monitoring systems -
If attackers were able to access the water monitoring systems there is potential for chaos as they could change the values to lower or higher readings, if higher readings were input this could result in a purge of some water to stop the reservoirs from over flowing. Once the monitoring system has been changed it will be hard to know for sure how much water is available to the public.
Attack on water maintenance systems -
Attackers could change information regarding when maintenance is due to take place, what work is to be done and could even pose as the maintenance team and damage the pumps or lines. From this system it is likely that water areas could be marked to be shutdown due to maintenance causing issues for the affected areas.
Attack on the water treatment systems
-
Should attackers gain access to the water treatment systems this would allow them to change the standards of useable water. They could add chemicals, poisons and contaminants in water. This could lead to sickness for those affected.
Opening Spillway gates - spillway gates to cause significant flooding downstream, or try to flood the dam itself to interrupt power generation.
Affecting Pumping stations - Loss of flow and pressure would not only affect water customers, but wreak havoc with fire fighting abilities as well.
Opening and closing major valves - if terrorists were able to rapidly open or close major valves—an action that would result in numerous main breaks throughout the system.
Possible scenario ideas
Water resources and water systems are viewed as targets for terrorist attacks for the same reasons they are targets during periods of war. Water resources are a prime infrastructure target for destruction or compromise by terrorist acts. For example, terrorists could attempt to blow up a dam to flood a particular area. However, it would take a very concerted effort to blow up a large dam.
However, they could target the spillway gates to cause significant flooding downstream, or try to flood the dam itself to interrupt power generation. Pumping stations could also be targeted. Loss of flow and pressure would not only affect water customers, but wreak havoc with fire fighting abilities as well. Chemical containers, used in water treatment processes, could also be targeted. Another concern is if terrorists were able to rapidly open or close major valves—an action that would result in numerous main breaks throughout the system.
Backflow also is a serious concern. A public water system has relatively unprotected access to the distribution system at certain locations. Given sufficient understanding of water systems, a terrorist could distribute toxic chemicals throughout a neighbourhood or pressure zone without detection in most places. These potential actions would rival natural disasters in the stresses they would place on those responsible for the systems and those receiving services from them. Another utility that could be affected include hydro electric plants, but this is a not a huge issue as Australia as a whole with the exception of Tasmania, does not have enough rainfall or the right topography to provide sufficient hydro-electric potential to fulfil all its needs. But i digress.
Risk Analysis
Description of Risk | Impact or consequence (severity) | Likelihood/ Probability | Grade | Risk Tolerance | Control technique –mitigation | Contingency plan | Denial of Service attack | Low | Medium | C | Y | | TBD - Week 7 | Location of mains pipe lines | Medium | Low | D | Y* | | TBD - Week 7 | Access to financial information | Medium | Low | D | Y | | TBD - Week 7 | Access to employees and customer information | Medium | Low | D | Y | | TBD - Week 7 | Attack on water monitoring systems | Extreme | Low | A | Y** | | TBD - Week 7 | Attack on maintenance systems | Extreme | Low | A | Y** | | TBD - Week 7 | Attack on water treatment systems | Extreme | Low | A | Y** | | TBD - Week 7 | Opening Spillway Gates | High | Low | C | Y | | TBD - Week 7 | Affecting Pumping Stations | Extreme | Low | A | Y** | | TBD - Week 7 | Opening and closing major valves | Extreme | Low | A | Y** | | TBD - Week 7 |
* Risk Tolerances will vary depending upon length of interruption
**depending upon what actually occur
Key to Risk Rating Symbols used: Rating for Likelihood and Severity for each risk | L | Rated as Low | E | Rated as Extreme (Used for Seriousness only) | M | Rated as Medium | NA | Not Assessed | H | Rated as High | | |
Grade: Combined effect of Likelihood/Severity | | Seriousness | Likelihood | | low | medium | high | EXTREME | | low | N | D | C | A | | medium | D | C | B | A | | high | C | B | A | A |
Recommended actions for grades of risk | Grade | Risk mitigation actions | A | Mitigation actions to reduce the likelihood and seriousness to be identified and implemented as soon as possible. | B | Mitigation actions to reduce the likelihood and seriousness to be identified and appropriate actions implemented. | C | Mitigation actions to reduce the likelihood and seriousness to be identified and costed for possible action if funds permit. | D | To be noted - no action is needed unless grading increases over time. | N | To be noted - no action is needed unless grading increases over time. |