Accelerating Cyber Security Improvements for Critical Infrastructure Industrial Control Systems

James E Lerums, Purdue University


This thesis study introduces operational concepts for accelerating necessary cyber security improvements for critical infrastructure industrial control systems. National critical infrastructures’ industrial control systems experienced a 20% annual increase in cyber incidents during fiscal year 2015 (DHS ICS-CERT, 2015). Industrial control systems are used in several critical infrastructure sectors to include energy, transportation, manufacturing, and water utilities. Critical infrastructures support public health and life safety, economic vitality, national defense, and overarching societal well-being. Significant damage or disruptions to a critical infrastructure could result in potentially catastrophic and cascading consequences. For example, a disruptive cyber-attack on a water utility would have life safety and health consequences when fire hydrants fail during a fire, and hospitals’ operations are impaired. The operational concepts introduced in this study refers to the assessment and integration of procedures, organizations, training, materiel, leadership, personnel, facilities, and regulations to plan and execute with the specific goal of accelerating cybersecurity improvements. This study will focus on cybersecurity for Indiana water utilities referencing its public and private cybersecurity team, standards, procedures and lessons learned from the State of Indiana’s 2016 cyber exercise. The Indiana Department of Homeland Security led this functional cyber exercise with public and private partners during May 18 and 19, 2016, using the Muscatatuck Urban Training Center’s water treatment plant and distribution system. Outcomes of this study were the identification of Indiana water utilities’ cybersecurity capability gaps and recommendations to improve prevention, and resilience to cyber-attacks from an operational perspective. This thesis recommends continuing emphasis of operational concepts to accelerate reversing the rising trends of critical infrastructure cyber incidents




Dietz, Purdue University.

Subject Area

Information Technology|Computer science

Off-Campus Purdue Users:
To access this dissertation, please log in to our
proxy server