A water management company deployed SilentDefense to improve their cybersecurity posture and keep up with evolving regulatory standards
This major water company delivers a safe, clean and sufficient supply of water for human consumption to over 1.3 million people. The scope of the company’s services includes the entire water management cycle, from the treatment of wastewater to ensuring the safety of dykes and proper water levels in natural areas.
Compliance is an ever-evolving and costly challenge. Within the utility world, more and more standards and regulatory frameworks now define all things cybersecurity and safety. For this customer, a national regulatory standard mandated the monitoring of all system assets. The company’s objective was to proactively tackle compliance through periodical risk assessment and continuous industrial control system (ICS) network monitoring to be prepared for stricter safety and network security regulations. These requirements demanded more effective asset management, improved network segmentation and mature industrial cyber threat assessments and reporting capabilities across a complex IT-OT environment.
A multi-year project was set up to assess and deploy network monitoring at the company. The initial scope of the project began with one pilot site. After a successful pilot, they began progressively deploying SilentDefense at all their sites. The project represented an unprecedented improvement of the company’s overall ICS network cyber resilience. Monitoring had been initially deployed only for regulatory compliance, but since its implementation, the company has utilized it for multiple objectives beyond just regulatory compliance, including:
• Change Management & Commissioning: Monitoring the flow of changes to the system and alignment with documentation.
• Network Policy Monitoring: Preventing unauthorized and/ or dangerous behaviors like unscheduled maintenance.
• Process Validation: Checking the correct execution of complex or new processes on the ICS network.
The company has integration with ticketing/help desk systems for increased automation and is ready for further integration with the broader security ecosystem.Click below to share this article