Factors that can affect a cyber security sociotechnical plan

 Find an example that illustrates a potential impact for your sociotechnical plan.

The focus of my sociotechnical qualitative research will be on the methodology employed by those responsible for securing the cyber physical systems in water and wastewater plants. The research will seek to understand the procedures, and mechanisms that are used to ensure that the ICS/SCADA/OT networks are protected against cyber security vulnerabilities and any cyber security incident. “Cybersecurity incident is described as a maliciously launched directive from cyber space with an intent to cause adverse consequences to a target sector/organization/industry or specific entity” (Omotayo, 2021). Cyber security in the water sector is especially important as cyber-attacks on the cyber physical systems that is used to operate the plants can have detrimental effects on the general public’s health and as well as national security. “Cybersecurity attacks on water sector operations would have significant effects on different sectors which could lead to a devastating damage to public health and safety, serious threat to national security, water operational malfunction, service outages and loss of valuable operational data. Sensors, pumps and actuators for process control are part of cyber components of the Cyber-Physical System (CPS). (Omotayo, 2021).

Bringing greater awareness to the need for cyber security improvements in the water sector is aimed at preventing a repeat of some of the following compromises that have occurred across a wide cross section of utilities.

At Five Water Utilities, USA in 2014 they started experiencing problems with their smart water meters. The problems were inaccurate billings and the deactivation of the RF tower base station which was used to collect the signals from the meters and transfer them for processing. This occurred in 10 different regions that were vast distances from each other. Eventually it was found out that it was caused by a fired employee of the company that manufactured the smart water meters. He was an RF engineer and used his access, which was not deactivated, to connect to the base station, change root level passwords and modify the radio frequencies being used.

At an undisclosed utility in the USA in 2016 they hired Verizon Security Solutions to do a vulnerability assessment. The assessment revealed several high-risk vulnerabilities which then caused the process to be escalated to a full response and investigation. The investigation revealed the company’s internet traffic correlated to those of known state sponsored cyber criminals. Ultimately it was found that the exploitation of an internet facing payment application server through which the state sponsors cyber criminals were able to manipulate the utility’s valve and flow control processes.

This is but a small sample of the need for improved cyber processes within the water utility and the direct benefit that can occur from thorough sociotechnical research into cyber hygiene practices in the water sector.

 

Describe 2 of the forces that may affect your innovation idea.

Two forces that can affect research are lack of collaboration and ethical concerns. A lack of collaboration can result from an unwillingness to share data. This is expected to a certain extent in any research in any entity’s cyber practices and the data that would be discussed requires encryption and anonymization to ensure non exposure of an organization’s cyber vulnerabilities. Ethical concerns can be in the form of personal privacy rights of the interviewee. This can also be satisfied by ensuring the data is anonymized and reviewed be each interviewee before it is released to the public.

References: -

 

Hassanzadeh, A., Rasekh, A., Galelli, S., Aghashahi, M., Taormina, R., Ostfeld, A., & Banks, K. (2020). A Review of Cybersecurity Incidents in the Water Sector.

Omotayo, A. (2021). Cybersecurity and water utilities: factors for influencing effective cybersecurity implementation in water sector.