ICS Architecture of a Drinking Water System
Current industrial control systems (ICS) are sophisticated assemblages of processes, people, and technology that work in unison to perform the missions and business functions of a company. These systems have helped to improve water services and have increased the reliability of this infrastructure. As industrial control systems become affordable and easy to use, they have attracted the attention of most utilities, which now use them to monitor and control processes. That reliance has made the water sector, along with other infrastructures such as energy, agriculture, and food, potentially prone to targeted cyber attacks and accidental cyber events. This paper describes how ICS is used in the drinking water sector and the security infrastructure that supports it.
Introduction to the Drinking Water Industry
Water is the most important element required for human activities on Earth, including domestic, agricultural, and industrial use. Unfortunately, the quality of water around the world is very poor and is getting worse. While water covers more than 70 percent of the Earth, only about 0.01 percent is usable as drinking water. Water treatment plants come in a variety of sizes, and no two plants are the same. However, whether the systems are privately or publicly owned, they all share one goal: to offer a source of safe drinking water to their societies. The treatment of water depends on the quality of the water source, the size of the treatment plant, and whether surface or ground water is used.
Improving water services and sustainability while ensuring affordability has resulted in an increased dependence on information technology. Almost all of these efforts aim at reducing costs, enhancing operations, and improving the overall return on investment in the information technology infrastructure that supports the utility’s critical assets and functions (Comas et al., 2000). Even though the use of information technology within ICS has led to high gains in productivity and reliability, it has also made the sector highly vulnerable to malicious cyber attacks. Water sector utilities rely on ICS to perform their business functions and missions successfully. The ICS allows for monitoring of the water source, control of the treatment processes, high quality, and the delivery of the finished water (Clark, Hakim & Ostfeld, 2011).
ICS Architecture Design
The ICS network incorporates many types of control systems, such as supervisory control and data acquisition (SCADA) systems, distributed control systems, and programmable logic controllers. A SCADA system consists of highly distributed systems used to control geographically dispersed assets, with a central data acquisition and control subsystem that is critical to the operation of the system (Stouffer, Falco & Scarfone, 2011). SCADA systems are used for water distribution and for wastewater collection systems in the water sector. The distributed control system supervises multiple integrated sub-systems that control the details of localized processes such as water and wastewater treatment. Programmable logic controllers are computer-based solid-state devices that control industrial equipment and processes. Together, these systems make up the ICS architecture.
The system is arranged to control the reservoir, the central control substation, the treatment plant, and the pumping stations. The ICS components operate together with human-machine interfaces, control loops, maintenance tools, and remote diagnostics.
Statement of Need
The implementation of ICS in the drinking water sector helps in the production of water that is reliable and safe. It helps the industry to operate without any loss of critical functions in crucial applications during and after a cyber event. ICS helps to protect water sector equipment from intentional, natural, and accidental damage. It focuses on the critical functions of the critical applications, the ones whose loss can lead to loss of life, environmental damage, severe economic damage, human health impacts, public endangerment, and the loss of public health confidence (WSCCCS Working Group, 2008).
- Intranet Communication
A water system uses process control systems to monitor and control the distribution network, the wastewater collection systems, and the major treatment plants. The components of the intranet, including the control loops, remote control systems, maintenance tools, and human-machine interfaces, communicate over short-range and long-range channels such as the Internet and public switched networks, using wireless media or traditional cables.
Figure: Use of Internal communications using control networks
- Secured Site
The use of industrial control systems in the drinking water industry has helped to reshape the industry’s security landscape and cyber security posture (Weiss, 2014). The ICS increasingly operates together with the data and business systems that support the emerging security management functions. The utility is installing more control systems to operate assets, take readings, and record condition-monitoring data. The vulnerability scanner that was released in 2006 allows individuals outside the utility to quickly identify vulnerabilities.
Security patterns for ICS Architecture
A network segmentation architecture is required, built on security zones that are defined by risk level. The high-risk zones are either isolated from the others, or a barrier device separates them from the rest of the zones, with each side governed by different security policies. Network segmentation also means that there is no access to the zones containing critical resources.
The ICS is set up for system event monitoring and log management so as to improve the enterprise audit and logging capabilities. Log management helps to monitor the activities of internal and external people who try to log into the system.
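The login monitoring described above can be sketched as follows. This is an added example, not code from the original paper; the log format, host names, addresses, internal range, and thresholds are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the address range the utility treats as internal (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Constructed log lines in a hypothetical format, not from any real product.
SAMPLE_LOG = """\
2024-03-01T02:14:07 hmi-01 login result=FAIL user=operator src=10.10.20.15
2024-03-01T02:14:30 hmi-01 login result=FAIL user=admin src=203.0.113.40
2024-03-01T02:14:41 hmi-01 login result=FAIL user=admin src=203.0.113.40
2024-03-01T02:15:02 hmi-01 login result=FAIL user=root src=203.0.113.40
2024-03-01T02:15:20 hmi-01 login result=OK user=operator src=10.10.20.15
2024-03-01T09:40:00 scada-srv login result=FAIL user=admin src=203.0.113.40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login result=(?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def origin(src):
    """Classify a source address as 'internal' or 'external'."""
    addr = ipaddress.ip_address(src)
    return "internal" if any(addr in n for n in INTERNAL_NETS) else "external"

def failed_login_alerts(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return (src, origin, host, count) once a source reaches `threshold`
    failed logins against one host inside a sliding time window."""
    recent = defaultdict(list)  # (src, host) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue  # ignore non-login lines and successful logins
        ts = datetime.fromisoformat(m["ts"])
        key = (m["src"], m["host"])
        # Drop failures that fell out of the window, then record this one.
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) == threshold:
            alerts.append((m["src"], origin(m["src"]), m["host"], threshold))
    return alerts

if __name__ == "__main__":
    for alert in failed_login_alerts(SAMPLE_LOG):
        print(alert)
```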
A typical way of gaining remote access to the ICS is through the human-machine interfaces. Panel-mounted human-machine interfaces fitted with built-in Web server capabilities offer remote access through a Web browser. The SCADA software can also be used to allow remote access.
Network security is provided through the use of firewalls and the definition of demilitarized zones. Firmware modules can also be installed that incorporate security features such as asset management, firewall, content inspection, and VPN for particular protocols such as Modbus or OPC.
ICS Network Architecture
The ICS consists of various components that interconnect and help in the processing, distribution, and monitoring of the water processing tasks. This network architecture also includes remote terminal units (RTUs), which consist of sensors that are essential in identifying the operations performed in the water processing. The SCADA system helps in water distribution and in the wastewater collection systems of the water sector.
Microcontroller based SCADA
The microcontroller-based SCADA uses GSM and is capable of controlling and monitoring the industrial water processing operations and of switching electronic devices. Two microcontrollers are used, one in the input section and the other in the output section. The one at the input serves as the transmitting section, whereas the one in the output section drives the outputs that control the processes in real time.
Figure: GSM Microcontroller for SCADA architecture
Types of Systems Used for Converting Drinking Water
Floc blanket clarifiers remove particulates by entrapping them in a layer of suspended floc as the water moves upward. There are also rapid sand filters, which consist of activated carbon above the sand through which the water moves and in which the organic compounds are removed. Desalination systems are also used to remove salt from salty water so that it can become drinking water.
Extraction Process of Pure Water from Waste Water
The process begins with the pre-treatment where the contaminated effluent in the wastewater is processed via a series of filters aimed at removing large contaminants before the water proceeds to the fine filter mesh for smaller object removal (Lee et al., 2002). The primary treatment then follows where oils, lighter matters, and grease rise to the surface and are removed. The next step is the secondary treatment where the dissolved, as well as the suspended biological matter, are removed via media or membrane filtration.
ICS Security Architecture
Water processing organizations use a layered architecture that separates the components of a water sector PCS by levels, using access control lists to govern communication between the levels while keeping the most critical parts in the deepest and most secured network level (Weiss, 2014). The network can be secured further by logically segmenting the system based on the industry-standard subnet organization. The network-connected equipment is then divided into VLANs to allow robust communication between the components over the same media. Designing the wastewater treatment ICS network architecture in layers, with logical network segmentation and organization, simplifies the implementation and maintenance of the network and thereby enhances its overall security.
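The zone-based segmentation in the security patterns section and the level-by-level access control lists described above can both be checked with a small rule audit. This is an added example, not code from the original paper; the four zone names, their level numbers, the sample rules, and the policy that flows may only cross one level at a time are assumptions made for illustration.

```python
# Assumption: four levels, where a lower number is deeper and more critical.
ZONE_LEVEL = {"enterprise": 4, "dmz": 3, "supervisory": 2, "control": 1}

MODBUS_TCP = 502  # registered TCP port for Modbus/TCP

# Constructed ACL: (source zone, destination zone, destination TCP port).
SAMPLE_ACL = [
    ("enterprise", "dmz", 443),              # business users reach the DMZ
    ("dmz", "supervisory", 1433),            # hypothetical historian link
    ("supervisory", "control", MODBUS_TCP),  # SCADA server polls the PLCs
    ("enterprise", "control", MODBUS_TCP),   # skips two levels
    ("any", "supervisory", 3389),            # unrestricted source
    ("dmz", "supervisory", MODBUS_TCP),      # Modbus leaving its zone pair
]

def audit_acl(rules):
    """Return (rule index, finding) for rules that break the layered model."""
    findings = []
    for i, (src, dst, port) in enumerate(rules):
        if src not in ZONE_LEVEL or dst not in ZONE_LEVEL:
            findings.append((i, "unknown or wildcard zone"))
            continue
        gap = abs(ZONE_LEVEL[src] - ZONE_LEVEL[dst])
        if gap > 1:
            # Traffic must pass through every intermediate level.
            findings.append((i, "flow skips a level"))
        elif port == MODBUS_TCP and {src, dst} != {"supervisory", "control"}:
            # Assumed policy: Modbus stays between the two deepest levels.
            findings.append((i, "Modbus outside supervisory/control"))
    return findings

if __name__ == "__main__":
    for index, finding in audit_acl(SAMPLE_ACL):
        print(index, SAMPLE_ACL[index], finding)
```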
Clark, R. M., Hakim, S., & Ostfeld, A. (2011). Handbook of water and wastewater systems protection. New York: Springer.
Comas, J., Poch, M., i Marrè, M. S., Cortés, U., Lafuente, J., & Roda, I. R. (2000). Wastewater treatment improvement through an intelligent integrated supervisory system. Contributions to science, 453-462.
Lee, D. S., Jeon, C. O., Park, J. M., & Chang, K. S. (2002). Hybrid neural network modeling of a full‐scale industrial wastewater treatment process. Biotechnology and bioengineering, 78(6), 670-682.
Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special publication, 800(82), 16-16.
Weiss, J. (2014). Industrial Control System (ICS) cyber security for water and wastewater systems. In Securing Water and Wastewater Systems (pp. 87-105). Springer International Publishing.