ICT4Water Action Group "Cyber-Security" (CS)
Actions related to this group from the “Digital Water Action Plan”:
1) Develop a common approach to water cybersecurity
2) Contribute in Cybersecurity by developing ICT4Water Anonymization methodologies and procedures
The Cybersecurity action group aims at raising awareness and R&I on cybersecurity in the water sector and to strengthen the collaboration with the European Cybersecurity Network. The Action group is currently formed by four projects:
The STOP-IT project will end in 2021. The STOP-IT consortium has collaborated in different directions: raising awareness about cybersecurity in the water sector, by organizing dedicated thematic communities of practice; supporting water utilities to systematically protect their systems by addressing cyber-physical security as an integrated approach and by developing technological solutions; and improving the ability to cope with new risks, by building competence through training activities.
The aqua3S project aims to combine novel technologies in water safety & security, with the goal of standardising existing sensor technologies while enabling water facilities to easily integrate such solutions in order to detect and tackle water-related crises in a timely manner. Currently in its second year, aqua3S is scheduled to end in 2022.
The NAIADES project aims to address the increased need for sustainable and eco-friendly water methodologies by defining a new ICT framework, with a wider scope than a sole technical proposition. Driven by the need to yield an end-to-end, uniform approach, NAIADES takes into account issues pertaining to cost, safety, complexity, vulnerability, societal acceptance, user behavior & ethics
Action Group news
The Cybersecurity Action Group has established contacts with the most relevant stakeholders in the European cybersecurity ecosystem to discuss and reinforce the role of the water sector in the coming cross-industry policies on the topic:
The Action Group is in the process of establishing a collaboration with the capacity building unit of ENISA to facilitate the challenging process of implementing the revised NIS and Critical Entities Resilience Directives.
The Action Group has also initiated discussions with the European Cyber Security Organisation (ECSO) in order to explore potential synergies between the two initiatives towards strengthening the cybersecurity and water nexus.
The Action Group is involved in the current conversations between the BRIDGE Energy cluster and the ICT4Water around the topic of the formulation of a reference architecture for data sharing from a multi-industry perspective including the Water-Energy nexus.
The Cybersecurity Action Group is currently working on a White Paper on Cybersecurity in the water sector that will be published in order to raise awareness on the emerging aspect of security in the water field. The paper focuses on relevant challenges and gaps related to the Cybersecurity in the Water Sector and provides best practices and recommendations accordingly. Additionally, the paper also covers the coming policies on Cybersecurity (such as the NIS2 Directive) and Critical infrastructure protection by discussing how stakeholders in the water sector can address its implementation.
As a preliminary step, a survey among the cluster projects has been launched in order to map the cybersecurity priority risks potentially created by the introduction of innovative digital solutions in the water sector. Aggregated and anonymized outcomes from the survey will be used and presented in the coming whitepaper, followed by a discussion on how to prevent and / or mitigate them. societal and economic benefits.
The Cyber-security Action Group has provided its feedback through the public consultation on the revised Directive on Security of Network and Information Systems - NIS Directive (NIS2) by highlighting a list of recommendations under the prism of the water sector. Those recommendations cover potential issues raised by heterogeneity on the definition of Operators of Essential Services (OES) by EU Member States (MS), the needs of the private sector during the implementation and operation phase of this Directive, the need to widen the scope of information sharing to further embrace private entities, as well as the suggestion to utilise already developed solutions by recent EC funded research projects in order to overcome potential implementation challenges.
Further information on the NIS2 directive can be found at https://ec.europa.eu/digital-single-market/en/news/proposal-directive-measures-high-common-level-cybersecurity-across-union