•  
  •  
 

Abstract

Critical water infrastructure in the United States faces increasing cybersecurity threats from state-sponsored actors, with potentially devastating consequences for national security, economic stability, and public health. (Cybersecurity and Infrastructure Security Agency, 2025). This infrastructure supports defense critical assets and is actively being targeted by various state-sponsored hacking groups, which poses a major concern for civilians and military alike. K. Herath (personal communication, February 24, 2025) reported being aware of two attacks on Ohio water systems during his tenure as Cybersecurity Strategic Advisor to Ohio Governor Mike DeWine.

Water is essential to everyday life and defense and presents as a high-value target that will be attacked by other nation-state actors in the event of a larger cyber campaign (Wingfield, 2023). This research addresses the vulnerability of water systems by proposing a novel security framework that integrates blockchain technology with unsupervised machine learning techniques to create and maintain immutable attack fingerprints or "personas"- living data-identities of people, machines, etc.

Blockchain technology in its most basic form is a distributed, immutable ledger that can be used to store data and is controlled by various nodes. By recording system activities and operational data on a distributed, tamper-evident blockchain, we develop a methodology for capturing the distinctive behavioral patterns of threat actors while preventing the manipulation or deletion of security logs that typically occurs during sophisticated attacks. Our research explores how organizations can utilize trained machine learning and clustering techniques to identify personas. We show that this technique can prove to be a powerful tool to expand threat intelligence for critical infrastructure providers.

Download

Share

COinS