Cybersecurity in Water Sector: Stakeholders Perspective

Naama Shapira, Ofira Ayalon, Avi Ostfeld, Yair Farber, Mashor Housh

Research output: Contribution to journalArticlepeer-review

Abstract

Cyberattacks on critical infrastructure systems are becoming a significant concern. Sabotage and destruction of critical infrastructures may cause devastating impacts on physical systems, economic security, public health, and safety. The water sector is one of the most critical infrastructures, and as such, identifying and managing cyber threats on the water sector's facilities is crucial to providing a continuous and safe supply of water. This study reports on a stakeholder engagement process conducted in the form of an active workshop that aims to show different stakeholder's perspective on cyber threats, knowledge gaps, and barriers to implementations of cybersecurity procedures and technologies in the water sector. The workshop, demonstrated on the Israeli water and cyber sectors, brought together 45 professionals from the water and cyber sectors (government, academia, utilities, consultants, and commercial suppliers). In the cybersecurity domain, many studies focused on developing algorithms, but only a few considered the organizational and policy aspects of the problem. The present study addresses this gap and presents an example demonstrating the importance of integrating stakeholder engagement into decision making in the water domain. The workshop's findings are summarized and analyzed to highlight top priority activity areas and suggest required actions according to the stakeholders' perspective, which can help shape the landscape of the water sector's cybersecurity.

Original languageEnglish
Article number05021008
Pages (from-to)1-15
JournalJournal of Water Resources Planning and Management - ASCE
Volume147
Issue number8
DOIs
StatePublished - 1 Aug 2021

Bibliographical note

Funding Information:
Suggested solutions and responsibility are as follows. The participants believed that the subject needs to be standardized with a well-defined standard for professional qualifications, such as systems manager and security officer, and that cyber learning should be added to the training programs (Academia’s responsibility). Water Utilities and the Water Authority should define precise specifications for employees and raise salaries for such professional positions. These entities should also be responsible for developing cybersecurity guidelines, including systems documentation and risk surveys, and implement routine exercises, simulations, and conference participation with the support and funding from the Government, including the National Cyber Directorate. The establishment of a national research and development (R&D) center by the Water Authority will help to promote such efforts. However, if a Water Utility is unable to employ professional staff or train the existing personnel, it should use outsourcing services to address its cybersecurity tasks.

Publisher Copyright:
© 2021 American Society of Civil Engineers.

Keywords

  • Cybersecurity
  • Stakeholder engagement
  • Water sector

ASJC Scopus subject areas

  • Civil and Structural Engineering
  • Geography, Planning and Development
  • Water Science and Technology
  • Management, Monitoring, Policy and Law

Fingerprint

Dive into the research topics of 'Cybersecurity in Water Sector: Stakeholders Perspective'. Together they form a unique fingerprint.

Cite this