IDEAS home Printed from https://ideas.repec.org/a/pop/trustp/v1y2024p79-88.html
   My bibliography  Save this article

Unauthorized access control in water utility computer networks

Author

Listed:
  • Ioan Florin VOICU

    (ING Hubs, Bucharest, Romania)

  • Dragos Cristian DIACONU

    (Bucharest University of Economic Studies, Bucharest, Romania)

  • Daniel Constantin DIACONU

    (University of Bucharest, Bucharest, Romania)

Abstract

Virtual tampering in water utility systems can lead to highly dangerous real-world situations such as shortages and permanent damage to infrastructure. While cybersecurity guidelines do exist for Romanian companies like ApaNova, they are inadequate for protecting the water supply chain. Evaluating the potential vulnerabilities such systems have and presenting open-source methods to improve them is critical for the cybersecurity sustainability of utility services. Building on previous research regarding network cybersecurity, Kali Linux was used as a penetration testing platform in conjunction with an OPNSense-based network configuration. Initially the test included just the Apa Nova-mandated security settings (focusing on ransomware & database access protection), after which additional protective layers were added. The first extra layer was VLAN network segmentation, in compliance with Environmental Protection Agency (EPA)’s America's Water Infrastructure Act (AWIA) guidelines. Afterwards, additional settings were added, such as: Intrusion Detection Systems (IDS) & Intrusion Prevention Systems (IPS); Employee access only via Virtual Private Network (VPN) and Medium Access Control (MAC) address filtering for all employee Wi-Fi devices. A monitoring solution inOPNSense was also implemented, in order to be informed of any suspicious activity on the network. In conjunction with this, a patching strategy was created, which would minimize downtime, while ensuring the system is kept up to date. This is facilitated by the open-source nature of OPNSense, which does not need costly license upgrades to remain secure. The results showed that while protection against ransomware/viruses is important and relatively easy to implement, testing confirmed the findings of previous articles that malicious internal actors are an even greater threat than viruses. This requires constant protection and monitoring against privilege misuse by even authorized personnel. A wider view is offered on how easy it is to gain access to current systems and several off-the-shelf open-source software solutions are highlighted that can prevent water utility shutdown or misuse by malicious actors.

Suggested Citation

  • Ioan Florin VOICU & Dragos Cristian DIACONU & Daniel Constantin DIACONU, 2024. "Unauthorized access control in water utility computer networks," International Conference on Machine Intelligence & Security for Smart Cities (TRUST) Proceedings, Smart-EDU Hub, Faculty of Public Administration, National University of Political Studies & Public Administration, vol. 1, pages 79-88, July.
    • Handle: RePEc:pop:trustp:v:1:y:2024:p:79-88
    as

    Download full text from publisher

    File URL: https://scrd.eu/index.php/trust/article/view/549/514
    Download Restriction: no
    File URL: https://scrd.eu/index.php/trust/article/view/549
    Download Restriction: no
    ---><---

    More about this item

    Keywords

    Pen Testing; OPNSense; VPN; water management.;
    All these keywords.

    JEL classification:

    • O35 - Economic Development, Innovation, Technological Change, and Growth - - Innovation; Research and Development; Technological Change; Intellectual Property Rights - - - Social Innovation

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pop:trustp:v:1:y:2024:p:79-88. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Professor Catalin Vrabie (email available below). General contact details of provider: https://edirc.repec.org/data/fasnsro.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.