IT Security of Wastewater Treatment Plants in NRW below the KritisV

subKRITIS – Assessment of the IT security level of small and medium-sized wastewater treatment plants in North Rhine-Westphalia below the KritisV (Verordnung zur Bestimmung Kritischer Infrastrukturen nach dem BSI-Gesetz) threshold

subKRITIS_0064__c_FiW_1144x625.jpg
Manipulable digital interface on a wastewater treatment plant.  © FiW e. V.
1 / 5
subKRITIS_0014__c_FiW_1144x625.jpg
Manipulable measuring device that can influence the sewage treatment plant control.  © FiW e. V.
2 / 5
subKRITIS_0062__c_FiW_1144x625.jpg
Unprotected gate, which can only be physically moved by handwheel without electrical connection.  © FiW e. V.
3 / 5
subKRITIS_Massnahmen_Zeitplan_en__c_FiW_1144x625.jpg
Recommended timeline for the implementation of measures in the short and long term.  © DVWG S&C
4 / 5
subKRITIS_B3S_WA_en__c_DVWG_1144x625.jpg
Answers to the B3S WA normalized by layers according to decreasing number positive answers. 
5 / 5

Wastewater treatment plants below the KritisV threshold are not obliged to take any information security measures. To determine the status of the IT security level, 13 wastewater treatment plants in East Westphalia, which are below the KritisV, were examined. For this purpose, an assessment was carried out based on the industry-specific security standard for water/wastewater (B3S WA). In addition, the effects of different attack scenarios were estimated using modeling and simulations. Based on this, technical policy approaches were derived to increase the general IT security level of wastewater treatment plants. In addition, specific IT security recommendations were developed for the participating operators and general measures were extracted.

More about the MUNV funded subKRITIS Project