Cybersecurity and water management: towards efficient networks in all circumstances

Cybersecurity and water: facing multiple highly sensitive challenges

Water is the ultimate vital resource, and an industry with a particularly critical infrastructure. In areas ranging from production issues to security imperatives, Stormshield helps the various players in water management to achieve greater cyber-serenity.

Major human risks

The prospect of a population being poisoned through water pollution illustrates the major environmental and human risks faced by this industry. But the failure of its critical activities can also have economic repercussions on all other sectors; for example, if distribution is interrupted.

To enable IT managers and the entire ecosystem of subcontractors in the sector (integrators and manufacturers) to immerse themselves in the state of the art of cybersecurity in the water industry, we have written a white paper dedicated to the subject. In the thirty pages or so of this whitepaper, we propose to decipher the issues facing the water sector and offer you an operational inventory of possible solutions.

Physical and geographical characteristics

Water industry infrastructures are physical environments that face significant constraints in terms of accessibility, temperature, humidity, etc. For this reason, their information system equipment is required to deal with additional risks, such as corrosion. Unlike traditional IT environments, it is not always possible to gain physical access when the need arises, whether for scheduled maintenance or a rapid response to an incident. Such operations themselves represent a potential additional threat, often requiring the involvement of subcontractors with varying levels of trust. Finally, the networks and buildings that make up this particular operating environment often remain in use for several decades.

However, interruptions to their activity for the purpose of hardware upgrades are problematic. In addition to this risk, there is a potential data vulnerability, as these distributed networks – which generally cover several sites (water towers, treatment plants, etc.) – exchange sensitive information with each other.

Regulatory constraints

Given the issues at stake, water management is subject to strict regulations. At national French level, many players in the sector are thus considered as “operators of vital importance” (OIVs) and must therefore comply with the requirements of France’s Military Planning Law (LPM). This list of players is expanded still further at European level, with operators of essential services (OESs) being required to follow the recommendations of the Network and Information Security (NIS and NIS2) directive.

With Stormshield, adopting the right reflexes can be summed up in three key words: protection, qualification, compliance.

Ensuring the availability and performance of networks under all circumstances

For the water industry – as in many other critical sectors – ensuring the performance and availability of networks is of paramount importance. It is also essential to segment these electronic and operational networks in order to prevent increasingly complex and elaborate cyberattacks.

Within such large infrastructures, it can be difficult to deploy and manage security equipment easily, especially in the absence of an expert at each site. For this reason, the use of remote maintenance and control is particularly attractive as it provides secure remote access to technicians and third-party service providers. The challenge remains to install the security elements on site as physically close as possible to the equipment to be protected, without an IT rack and in a constrained physical environment. Hence the importance of being able to space out hardware upgrades and extend the life of infrastructures with live system support and security maintenance (MCO/MCS).

Establishing trusted communication channels

From a data perspective, water management infrastructures are required to encrypt information being exchanged between remote sites to prevent it from being altered. This means establishing trusted communication channels to ensure both confidentiality and integrity of information. Stormshield addresses each of these requirements by providing a suitable, reliable and scalable solution.

With Stormshield XDR, you can effectively combine Stormshield solutions. Be notified of incidents based on analyses of your endpoints, networks, web files and emails before managing the response with your various security products, driven by centralised incident management. This is the ideal combination for alerting you in real time and managing a rapid, long-term response on both the network and endpoints.

Deploying certified, responsive Stormshield solutions

Protect your networks with SNS

Our Stormshield Network Security (SNS) firewall range ensures business continuity through its high-availability and network bypass features. Network segmentation is used to protect operational networks and isolate sensitive devices. In addition, in-depth and contextual analysis of OT protocols prevents known and unknown attacks. Granular control over authorised messages and custom patterns is also part of our functionality. In addition, we have designed ruggedised firewalls to address the requirements of highly constrained environments, such as the water industry. Find out more about our industrial firewalls and their ease of installation in electrical cabinets.

Our SNS firewalls also provide data encryption through the creation of VPN tunnels (site-to-site IPSec and mobile VPN SSL or IPSec) and user authentication for network data flows. Finally, centralized management of multiple distributed SNS solutions is made possible by our Stormshield Management Center (SMC) centralised administration solution.

Rely on trusted cybersecurity products

Here at Stormshield, we believe that if you want to create cyber-serenity, you need trusted products. This is why our solutions are built to meet the most demanding European standards, and are certified at the highest European level. For example, the SNi40 is the only industrial firewall with an ANSSI Elementary level qualification as an industrial network protection product – a strong endorsement of confidence and quality from a major player on the European scene.

With Stormshield, give your business cyber-serenity. Do you want to find out more about our solutions? Our teams remain at your disposal to identify the needs of your water network or infrastructure and provide you with the most effective solutions.