Industrial cyber security for Water

Cyber Security Management System

Overview

As a result of SIS’ Operate and Maintain services, a regional water agency in Australia was able to implement a Cyber Security Management System (CSMS) provides the organisational rigour to ensure infrastructure is resilient to escalating cyber threats, and ensuring the right security controls are in place to mitigate risk

Challenge

The availability and delivery of quality water and wastewater is essential for the community. Its provision relies heavily on Operational Technology (OT), including ICS / SCADA, to control and monitor water treatment plants and associated services, in what are typically geographically diverse locations. The increased level of business reliance on infrastructure and associated information systems for continuity of service, to manage and deliver water services to meet increasing public demand, means that if these systems are not secured, cyber adversaries could disrupt or disable the provision of essential services.

It is also important to ensure that operators of OT (ICS / SCADA) infrastructure have the capability to ensure their continued and safe operation, and from a privacy standpoint, organisations must take reasonable steps to protect the personal information they hold from misuse and loss, and from unauthorised access, modification or disclosure.

The development and implementation of a Cyber Security Management System (CSMS) provides the organisational rigour to ensure infrastructure is resilient to escalating cyber threats, and the right security controls are in place to mitigate risk, and optimise operational efficiency by maintaining the confidentiality, integrity and availability of critical infrastructure.

Solution

SIS successfully developed a comprehensive CSMS for a major regional water agency that defines the purpose, direction, principles and basic rules for the foundation, implementation, operation and maintenance of cyber security, that meets organisational, legal and regulatory requirements.

The CSMS addresses people, process, and technology, and aims to continually improve security management within the water agency’s corporate governance structure, representing executive management endorsement of the agreed approach for security management within the organisation. The CSMS ultimately ensures security risks are managed effectively, the agency can contribute to innovation and increased productivity, while maintaining a secure operating environment.

Building a sustainable organisation-wide security capability has been achieved via establishment of the CSMS, with effective security processes that standardise security operations (between IT and OT groups), continually improves operational procedures, and minimises the impact of cyber security risk with effective incident management and business continuity strategies.

If you’d like to know more about our many years of experience in providing industrial cyber security solutions,

Get in touch >

More Case Studies

Sector Scope
Power

SIS’ bespoke approach towards the assessment of critical infrastructure enabled a UK power company to determine compliance to the EU NIS Directive, and to develop an improvement plan towards strengthening resilience to cyber threats.

View Case Study

Oil & gas

Via a technical vulnerability and risk assessment of OT infrastructure for a gas pipeline company, SIS successfully assisted the gas pipeline company to understand their current-state risk posture in order to determine what an appropriate risk appetite (risk level) is, and the prioritisation of mitigation actions in order to reduce the level of risk exposure to cyber threats

View Case Study

Transport

SIS’ industrial cyber security audit services enabled a government statutory authority to benchmark the security posture of state transport agencies, identifying cyber security risks and prioritisation of key actions for risk mitigation.

View Case Study

Water

As a result of SIS’ Operate and Maintain services, a regional water agency in Australia was able to implement a Cyber Security Management System (CSMS) provides the organisational rigour to ensure infrastructure is resilient to escalating cyber threats, and ensuring the right security controls are in place to mitigate risk.

View Case Study

Mining

SIS adopted a top-down, risk-driven approach to develop an enterprise-wide security architecture for a resources company, driven by, and integrated with the organisation’s broader business strategy, focused on technology optimisation to deliver secure mine operations.

View Case Study

Critical Manufacturing

SIS’ industry-leading industrial cyber security training was able to help a metals manufacturer create a stronger culture of security, harmonising with the organisation’s rigorous safety culture, fostering a commitment to industrial cyber security from plant operators and administrators, encouraging users to act responsibly and thus operate more securely

View Case Study

Health

SIS’ specialist industrial cyber security testers applied the latest exploit tools and techniques to perform stress and penetration testing of network connected  medical device technologies, to assess risks to the reliability of devices, and ultimately the safety of patients.

View Case Study