Unauthorized access control in water utility computer networks

Ioan Florin Voicu (), Dragos Cristian Diaconu () and Daniel Constantin Diaconu ()
Additional contact information
Ioan Florin Voicu: ING Hubs, Bucharest, Romania
Dragos Cristian Diaconu: Bucharest University of Economic Studies, Bucharest, Romania
Daniel Constantin Diaconu: University of Bucharest, Bucharest, Romania

International Conference on Machine Intelligence & Security for Smart Cities (TRUST) Proceedings, 2024, vol. 1, 79-88

Abstract: Virtual tampering in water utility systems can lead to highly dangerous real-world situations such as shortages and permanent damage to infrastructure. While cybersecurity guidelines do exist for Romanian companies like ApaNova, they are inadequate for protecting the water supply chain. Evaluating the potential vulnerabilities such systems have and presenting open-source methods to improve them is critical for the cybersecurity sustainability of utility services. Building on previous research regarding network cybersecurity, Kali Linux was used as a penetration testing platform in conjunction with an OPNSense-based network configuration. Initially the test included just the Apa Nova-mandated security settings (focusing on ransomware & database access protection), after which additional protective layers were added. The first extra layer was VLAN network segmentation, in compliance with Environmental Protection Agency (EPA)’s America's Water Infrastructure Act (AWIA) guidelines. Afterwards, additional settings were added, such as: Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS); Employee access only via Virtual Private Network (VPN) and Medium Access Control (MAC) address filtering for all employee Wi-Fi devices. A monitoring solution inOPNSense was also implemented, in order to be informed of any suspicious activity on the network. In conjunction with this, a patching strategy was created, which would minimize downtime, while ensuring the system is kept up to date. This is facilitated by the open-source nature of OPNSense, which does not need costly license upgrades to remain secure. The results showed that while protection against ransomware/viruses is important and relatively easy to implement, testing confirmed the findings of previous articles that malicious internal actors are an even greater threat than viruses. This requires constant protection and monitoring against privilege misuse by even authorized personnel. A wider view is offered on how easy it is to gain access to current systems and several off-the-shelf open-source software solutions are highlighted that can prevent water utility shutdown or misuse by malicious actors.

Keywords: Pen Testing; OPNSense; VPN; water management. (search for similar items in EconPapers)
JEL-codes: O35 (search for similar items in EconPapers)
Date: 2024
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://scrd.eu/index.php/trust/article/view/549/514 (application/pdf)
https://scrd.eu/index.php/trust/article/view/549 (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:pop:trustp:v:1:y:2024:p:79-88

Access Statistics for this article

More articles in International Conference on Machine Intelligence & Security for Smart Cities (TRUST) Proceedings from Smart-EDU Hub, Faculty of Public Administration, National University of Political Studies & Public Administration Contact information at EDIRC.
Bibliographic data for series maintained by Professor Catalin Vrabie ().