Maintenance, upgrading and extension of the Decision Support System for the management of the Athens water resource system
Duration: October 2008–November 2011
Budget: €72 000
Project director: N. Mamassis
Principal investigator: D. Koutsoyiannis
This research project covers the maintenance, upgrading and extension of the Decision Support System that was developed by NTUA for EYDAP in the framework of the research project “Updating of the supervision and management of the water resources’ system for the water supply of the Athens’ metropolitan area”. The project consists of the following parts: (a) upgrading of the database, (b) upgrading and extension of the hydrometeorological network, (c) upgrading of the hydrometeorological data processing software, (d) upgrading and extension of the Hydronomeas software, (e) hydrological data analysis and (f) support for the preparation of the annual master plans.
G. Moraitis, G.-K. Sakki, G. Karavokiros, D. Nikolopoulos, P. Kossieris, I. Tsoukalas, and C. Makropoulos, Exploring the cyber-physical threat landscape of water systems: A socio-technical modelling approach, Water, 15 (9), 1687, doi:10.3390/w15091687, 2023.
The identification and assessment of the cyber-physical-threat landscape that surrounds water systems in the digital era is governed by complex socio-technical dynamics and uncertainties that exceed the boundaries of traditional risk assessment. This work provides a remedy for those challenges by incorporating socio-technical modelling to account for the adaptive balance between goal-driven behaviours and available skills of adversaries, exploitable vulnerabilities of assets and utility’s security posture, as well as an uncertainty-aware multi-scenario analysis to assess the risk level of any utility against cyber-physical threats. The proposed risk assessment framework, underpinned by a dedicated modelling chain, deploys a modular sequence of processes for (a) the estimation of vulnerability-induced probabilities and attack characteristics of the threat landscape under a spectrum of adversaries, (b) its formulation to a representative set of stochastically generated threat scenarios, (c) the combined cyber-physical stress-testing of the system against the generated scenarios and (d) the inference of the system’s risk level at system and asset level. The proposed framework is demonstrated by exploring different configurations of a synthetic utility case study that investigate the effects and efficiency that different cyber-security practices and design traits can have over the modification of the risk level of the utility at various dimensions.
Full text: http://www.itia.ntua.gr/en/getfile/2289/1/documents/water-15-01687.pdf (2852 KB)
See also: https://www.mdpi.com/2073-4441/15/9/1687
D. Nikolopoulos, G. Moraitis, G. Karavokiros, D. Bouziotas, and C. Makropoulos, Stress-testing alternative water quality sensor designs under cyber-physical attack scenarios, Environmental Sciences Proceedings, 21 (1), 17, doi:10.3390/environsciproc2022021017, 2022.
Water systems are rapidly transforming into cyber-physical systems. Despite the benefits of remote control and monitoring, autonomous operation and connectivity, there is an expanded threat surface, which includes cyber-physical attacks. This study demonstrates a stress-testing methodology that focuses on assessing the performance of a contamination warning system, designed with alternative water quality (WQ) sensor placement strategies against cyber-physical attacks. The physical part of the attacks consists of backflow injection attacks with a contaminant, while the cyber part comprises cyber-attacks to the contamination warning system. The WQ sensor designs are generated with the Threat Ensemble Vulnerability Assessment and Sensor Placement Optimization Tool (TEVA-SPOT), based on optimizing various metrics. The coupled WDN and CPS operation, the deliberate contamination events, and the cyber-physical attacks, are simulated with the water system cyber-physical stress-testing platform RISKNOUGHT. Multidimensional resilience profile graphs are utilized to analyze performance, demonstrated in a benchmark case study. This type of assessment can be useful in risk assessment studies for water utilities as well as in WQ sensor placement optimization.
Full text: http://www.itia.ntua.gr/en/getfile/2251/1/documents/environsciproc-21-00017.pdf (1778 KB)
See also: https://www.mdpi.com/2673-4931/21/1/17
G. Moraitis, I. Tsoukalas, P. Kossieris, D. Nikolopoulos, G. Karavokiros, D. Kalogeras, and C. Makropoulos, Assessing cyber-physical threats under water demand uncertainty, Environmental Sciences Proceedings, 21 (1), 18, doi:10.3390/environsciproc2022021018, October 2022.
This study presents an approach for the assessment of cyber-physical threats to water distribution networks under the prism of the uncertainty which stems from the variability and stochastic nature of nodal water demands. The proposed framework investigates a single threat scenario under a spectrum of synthetic, yet realistic, system states which are driven by an ensemble of stochastically generated nodal demands. This Monte Carlo-type experiment enables the probabilistic inference about model outputs, and hence the derivation of probabilistic estimates over consequences. The approach is showcased for a cyber-physical attack scenario against the monitoring and control system of a benchmark network.
Full text: http://www.itia.ntua.gr/en/getfile/2250/1/documents/environsciproc-21-00018.pdf (933 KB)
See also: https://www.mdpi.com/2673-4931/21/1/18
G. Moraitis, and E. Baltas, Dealing with LSPIV questions on the field: An approach for autonomous flood gauging using UAVs, European Water, 71/72, 27–40, 2020.
In an era when flood phenomena intensify worldwide, the scarcity of proper and systematic flood flow measurements has become a conundrum. As an answer, the non-intrusive Large-Scale Particle Image Velocimetry (LSPIV) method has recently advanced to a contemporary gauging alternative, though several limitations in the field application pose questions. To tackle relevant restraints, this study brings forth a new approach for LSPIV field applications and flood gauging using lightweight unmanned aerial vehicles (UAV). In the core of the suggested approach lies a flexible yet direct and accurate matching technique to define the water surface as reference plane, without the need for fixed Ground Control Points (GCP) on the field. In addition, to address uncertainties relevant to apparatus movements that occur from winds and gusts during field recordings, an error-removing process that utilises digital fictitious GCPs is reported. The proposed techniques, implemented via a purpose-built application, are evaluated under various recording conditions in both laboratory and field studies, with positive results. Overall, the granted autonomy, as a result of the approach, provides applicability of the LSPIV method to practically any section of interest without the need for construction or the presence of personnel in hazardous conditions, allowing for a safe, efficient, and low-cost flood gauging alternative.
Full text: http://www.itia.ntua.gr/en/getfile/2291/1/documents/EW_2020_71-72_03.pdf (2928 KB)
G. Moraitis, D. Nikolopoulos, D. Bouziotas, A. Lykou, G. Karavokiros, and C. Makropoulos, Quantifying failure for critical water Infrastructures under cyber-physical threats, Journal of Environmental Engineering, 146 (9), doi:10.1061/(ASCE)EE.1943-7870.0001765, 2020.
This paper presents a failure quantification methodology to assess the impact of cyber-physical attacks (CPAs) on critical water infrastructures, such as water distribution networks, by mapping simulation-derived data onto metrics. The approach sets out a three-step profiling architecture to interpret the consequences of failures resulting from CPAs against several dimensions of integrity, adjusted through user-defined service levels. Failure is examined in terms of its magnitude, propagation, severity, and crest factor, while rapidity is used to infer available time slots to react. The methodology is operationalized through a dedicated tool designed to assist water-sector critical infrastructures gauge and assess CPAs. The approach is demonstrated on a benchmark water distribution system, and results and insights from the metrics are presented and discussed. It is argued that the approach and the tool that operationalizes its application can be useful to water companies that need to assess and compare cyber-physical threats and prioritize mitigation actions based on quantitative metrics.
Full text: http://www.itia.ntua.gr/en/getfile/2059/1/documents/ASCEEE.1943-7870.0001765.pdf (1889 KB)
D. Nikolopoulos, G. Moraitis, D. Bouziotas, A. Lykou, G. Karavokiros, and C. Makropoulos, Cyber-physical stress-testing platform for water distribution networks, Journal of Environmental Engineering, 146 (7), 04020061, doi:10.1061/(ASCE)EE.1943-7870.0001722, 2020.
The water sector is facing emerging challenges, as cyber-physical threats target Supervisory Control and Data Acquisition (SCADA) systems of water utilities. A cyber-physical stress-testing platform is presented in this work, named RISKNOUGHT, which is able to model water distribution networks as cyber-physical systems, simulating the information flow of the cyber layer and the feedback interactions with the physical processes under control. RISKNOUGHT utilizes an EPANET-based solver for the physical process and a customizable network model for the SCADA system, capable of implementing complex control logic schemes within a simulation. The platform enables the development of composite cyber-physical attacks on various elements of the SCADA, including sensors, actuators, and PLCs, assessing the impact they have on the hydraulic response of the distribution network and the level of service. The platform is tested on a proof-of-concept benchmark network with promising results that demonstrate that the platform can form an innovative cyber-physical tool to support strategic planning and risk management.
Full text: http://www.itia.ntua.gr/en/getfile/2046/1/documents/ASCEEE.1943-7870.0001722.pdf (7383 KB)
D. Nikolopoulos, G. Moraitis, D. Bouziotas, A. Lykou, G. Karavokiros, and C. Makropoulos, RISKNOUGHT: A cyber-physical stress-testing platform for water distribution networks, 11th World Congress on Water Resources and Environment “Managing Water Resources for a Sustainable Future”, Madrid, European Water Resources Association, 2019.
G. Moraitis, D. Nikolopoulos, I. Koutiva, I. Tsoukalas, G. Karavokiros, and C. Makropoulos, The PROCRUSTES testbed: tackling cyber-physical risk for water systems, EGU General Assembly 2021, online, EGU21-14903, doi:10.5194/egusphere-egu21-14903, European Geosciences Union, 2021.
Our modern urban environment relies on critical infrastructures that serve vital societal functions, such as water supply and sanitation, which are exposed to various threats of both physical and cyber nature. Despite the progress in protection and increased vigilance, long-established practices within the water utilities may rely on precarious methods for the characterization and assessment of threats, with uncertainty pertaining to risk-relevant data and information. Sources for uncertainty can be attributed to e.g. limited capabilities of deterministic approaches, siloed analysis of water systems, use of ambiguous measures to describe and prioritise risks or common security misconceptions. To tackle those challenges, this work brings together an ensemble of solutions, to form a novel, unified process of resilience assessment for the water sector against an emerging cyber-physical threat landscape e.g., cyber-attacks on the command and control sub-system. Specifically, the proposed framework sets out an operational workflow that combines, inter alia, a) an Agent-Based Modelling (ABM) approach to derive alternative routes to quantify risks considering the dynamics of socio-technical systems, b) an adaptable optimisation platform which integrates advanced multi-objective algorithms for system calibration, uncertainty propagation analysis and asset criticality prioritization and c) a dynamic risk reduction knowledge-base (RRKB) designed to facilitate the identification and selection of suitable risk reduction measures (RRM). This scheme is overarched by a cyber-physical testbed, able to realistically model the interactions between the information layer (sensors, PLCs, SCADA) and the water distribution network. The testbed is designed to assess the water system beyond normal operational capacity. 
It facilitates the exploration of emergent and unidentified threats and vulnerabilities leading to Low Probability, High Consequence (LPHC) events that systems are not originally designed to handle. It also evaluates alternative risk treatment options against case-appropriate indicators. The final product is the accretion of actionable information to integrate risk into decision-making in a practical and standardized form. Our work envisions to bring forth state-of-art technologies and approaches for the cyber-wise water sector. We aspire to enhance existing capabilities for large utilities and enable small and medium water utilities with typically less resources, to reinforce their systems’ resilience and be better prepared against cyber-physical and other threats.
Full text: http://www.itia.ntua.gr/en/getfile/2122/1/documents/EGU21-14903_presentation.pdf (1404 KB)
D. Nikolopoulos, G. Moraitis, D. Bouziotas, A. Lykou, G. Karavokiros, and C. Makropoulos, RISKNOUGHT: Stress-testing platform for cyber-physical water distribution networks, European Geosciences Union General Assembly 2020, Geophysical Research Abstracts, Vol. 22, Vienna, EGU2020-19647, doi:10.5194/egusphere-egu2020-19647, 2020.
Emergent threats in the water sector have the form of cyber-physical attacks that target SCADA systems of water utilities. Examples of attacks include chemical/biological contamination, disruption of communications between network elements and manipulating sensor data. RISKNOUGHT is an innovative cyber-physical stress testing platform, capable of modelling water distribution networks as cyber-physical systems. The platform simulates information flow of the cyber layer’s networking and computational elements and the feedback interactions with the physical processes under control. RISKNOUGHT utilizes an EPANET-based solver with pressure-driven analysis functionality for the physical process and a customizable network model for the SCADA system representation, which is capable of implementing complex control logic schemes within a simulation. The platform enables the development of composite cyber-physical attacks on various elements of the SCADA including sensors, actuators and PLCs, assessing the impact they have on the hydraulic response of the distribution network, the quality of supplied water and the level of service to consumers. It is envisaged that this platform could help water utilities navigate the ever-changing risk landscape of the digital era and help address some of the modern challenges due to the ongoing transformation of water infrastructure into cyber-physical systems.
Full text: http://www.itia.ntua.gr/en/getfile/2061/1/documents/EGU2020-19647.pdf (1199 KB)