Cybersecurity and water management
Towards efficient networks in all circumstances
Water is the ultimate vital resource, and an industry with a particularly critical infrastructure. In areas ranging from production issues to security imperatives, Stormshield helps the various players in water management to achieve greater cyber-serenity.
The prospect of a population being poisoned through water pollution illustrates the major environmental and human risks faced by this industry. But the failure of its critical activities can also have economic repercussions on all other sectors; for example, if distribution is interrupted.
Water industry infrastructures are physical environments that face significant constraints in terms of accessibility, temperature, humidity, etc. For this reason, their information system equipment is required to deal with additional risks, such as corrosion.
Unlike traditional IT environments, it is not always possible to gain physical access when the need arises, whether for scheduled maintenance or a rapid response to an incident. Such operations themselves represent a potential additional threat, often requiring the involvement of subcontractors with varying levels of trust.
Finally, the networks and buildings that make up this particular operating environment often remain in use for several decades. However, interruptions to their activity for the purpose of hardware upgrades are problematic. In addition to this risk, there is a potential data vulnerability, as these distributed networks – which generally cover several sites (water towers, treatment plants, etc.) – exchange sensitive information with each other.
Given the issues at stake, water management is subject to strict regulations. At national French level, many players in the sector are thus considered as “operators of vital importance” (OIVs) and must therefore comply with the requirements of France’s Military Planning Law (LPM). This list of players is expanded still further at European level, with operators of essential services (OESs) being required to follow the recommendations of the Network and Information Security (NIS) directive. For more information, read our dedicated ebook.
For the water industry – as in many other critical sectors – ensuring the performance and availability of networks is of paramount importance. It is also essential to segment these electronic and operational networks in order to prevent increasingly complex and elaborate cyberattacks.
Within such large infrastructures, it can be difficult to deploy and manage security equipment easily, especially in the absence of an expert at each site. For this reason, the use of remote maintenance and control is particularly attractive as it provides secure remote access to technicians and third-party service providers. The challenge remains to install the security elements on site as physically close as possible to the equipment to be protected, without an IT rack and in a constrained physical environment. Hence the importance of being able to space out hardware upgrades and extend the life of infrastructures with live system support and security maintenance (MCO/MCS).
From a data perspective, water management infrastructures are required to encrypt information being exchanged between remote sites to prevent it from being altered. This means establishing trusted communication channels to ensure both confidentiality and integrity of information.
Stormshield addresses each of these requirements by providing a suitable, reliable and scalable solution.
Our Stormshield Network Security (SNS) firewall range ensures business continuity through its high-availability and network bypass features. Network segmentation is used to protect operational networks and isolate sensitive devices. In addition, in-depth and contextual analysis of OT protocols prevents known and unknown attacks. Granular control over authorised messages and custom patterns is also part of our functionality.
In addition, we have designed ruggedised firewalls to address the requirements of highly constrained environments, such as the water industry. Find out more about our industrial firewalls and their ease of installation in electrical cabinets.
Our SNS firewalls also provide data encryption through the creation of VPN tunnels (site-to-site IPSec and mobile VPN SSL or IPSec) and user authentication for network data flows. Finally, centralized management of multiple distributed SNS solutions is made possible by our SMC centralised administration solution.
Here at Stormshield, we believe that if you want to create cyber-serenity, you need trusted products. This is why our solutions are built to meet the most demanding European standards, and are certified at the highest European level. For example, the SNi40 is the only industrial firewall with an ANSSI Elementary level qualification as an industrial network protection product – a strong endorsement of confidence and quality from a major player on the European scene.
With Stormshield, give your business cyber-serenity. Do you want to find out more about our solutions? Our teams remain at your disposal to identify the needs of your water network or infrastructure and provide you with the most effective solutions.