Securing Digital Water Treatment Plants
Protecting Water Utilities From Evolving Cyber Threats
Customer/ Partner:
Detroit Water and Sewerage Department.
Customer Requirement:
Water and Wastewater Plant in North America.
Waterfall’s Unidirectional Solution:
Unidirectional Security Gateways protect industrial control systems, including SCADA systems, individual controllers and PLCs with an impassable physical barrier to external network threats, while enabling enterprise-wide access to real-time production data.
Water Processing Modernisation And Containing Remote Cyber Threats
Water utilities have embraced industrial digitization to enhance the efficiency of treatment plant operations. Critical goals such as keeping a consistent supply of raw water, eliminating contaminants, and maintaining supply of finished water, are more easily achieved when leveraging technology enabling real-time visibility into plant operations. Industrial digitization offers a multitude of benefits including preserving water chemistry, efficient storage processes, and efficient distribution methods. However, the increased digitization of water production also leads to an increase in cybersecurity vulnerabilities potentially leading to a loss of control of connected devices that regulate water quality, plant production and consumer safety.
The challenge
To secure the safe, reliable and continuous operation of water and wastewater process control system networks from threats emanating from less trusted external networks, yet still provide real-time access to operations data for the corporate network. Hydraulic analysis applications reside on the enterprise network as they require access to GIS information and applications describing the water system, yet must receive real-time reservoir levels, pressures and pump status indications from the operational network. Equipment status information, 5-minute sewer billing information and other readings must also be pushed from the operational network to the enterprise network.
Waterfall solution
A Waterfall Unidirectional Gateway installed between the industrial control system (ICS) and the enterprise network replicates an OSIsoft PI server from the ICS to the enterprise network where enterprise clients interact normally and bi-directionally with the replica. An additional connector replicates a file server for routine file transfers to the enterprise network, eliminating routine use of USB drives and other removable media.
Results & benefits
100 % Security: The industrial network is now physically protected from threats emanating from external, less-trusted networks.
100% Visibility: The enterprise network continues to operate as if nothing has changed. Instead of accessing servers on the critical operational network, users on the external network now access real-time data from replicated servers for all informational and analytical requirements.
100% Compliance: Unidirectional Gateways facilitate compliance with AWWA standards, as well as other North American and global industrial cyber security standards and regulations.
Theory of Operation
Waterfall Security is the market leader in Unidirectional Gateway technology with installations at critical infrastructure sites across the globe. The enhanced level of protection provided by Waterfall’s Unidirectional Security Gateway technology is recognized as best practice by many leading industry standards bodies such as AWWA, NIST, ANSSI, the IEC, the US DHS, ENISA and may more.
Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external less-trusted networks. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. The Gateways enable vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. Unidirectional Gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments.
Unidirectional Security Gateways Benefits:
Safe, continuous monitoring of critical systems
Protects product quality, safety of personnel, property and the environment
Simplifies audits, change reviews, and security system documentation
Disciplined, on-demand and scheduled updates of plant systems, without introducing firewall vulnerabilities
Replaces at least one layer of firewalls in a defense-in-depth architecture thereby breaking the chain of infection and pivoting attacks
Share
Trending posts
Insights into Nation State Threats – Podcast Episode 134
Infographic: Top 10 OT Cyberattacks of 2024
Andrew Ginter’s Top 3 Webinars of 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
