Water
There is a Human Right to Water and Sanitation, recognised by the United Nations in 2010 and implemented in international law.
If you work in the water sector you will know this very well that water is critical to society.
When drinking water supply is unexpectedly cut, or if there is a problem with waste water processing, such a breakdown in service provision could be the result of a cyber attack.
The reasons for Critical National Infrastructure cyber attacks are many, but include:
State-based attacks
Corporate espionage
Disgruntled employees
Accidental/Unknowing actors
or a combination of any/all of the above
Why ARE Water systems vulnerable to cyber attacks?
Water providers, like many industrial organisations, want to see efficiencies in their automation systems. For this reason, they are investing in newer supervisory and data analysis systems which connect existing Operational Technology (OT) networks with Information Technology (IT) networks and Industrial Internet of Things (IIoT) networks.
Unfortunately, this opens up the OT network to increased threat of cyber attack. If disruption were to occur on OT systems, then business continuity could slow down to a complete halt. This leads to a lack of supply to society, and potential fines from regulators.
Cyber Security Regulation - Your responsibilities
Ask yourself
How are you managing cyber security risk?
How are you protecting against cyber attacks?
How are you detecting cyber security events?
How are you minimising the impact of those incidents?
There are regulations in place in many countries which attempt to ensure that Critical National Infrastructure providers are striving towards the highest levels of cyber security on both their IT and their OT systems. In the United Kingdom and throughout Europe there is the Network & Information Systems Directive on Security (“NIS Directive”) which was written into law across the European Union in 2018. In the United States of America, there are similar regulations in place which attempt to promote use of cyber security standards and frameworks, such as NIST CSF.
We can help you
We have years of experience in cyber security, digital forensics, incident response and software engineering. We also understand the unique challenges and requirements of Operational Technologies (OT). Awen develops software solutions from the ground up with these OT-specific challenges and requirements in mind, and we know that we cannot simply re-purpose (or rebrand) existing IT tools.
Perhaps you would like to make the whole NIS Directive auditing process a lot simpler, more automated and a bit more collaborative - and avoid complicated spreadsheets. Profile is built with the NCSC Cyber Assessment Framework (CAF) at its core.
Profile is built for you.
Maybe you are looking for a more in-depth understanding of the OT assets and their vulnerabilities, but in a way that is automated but still safety and security critical. Dot currently has support for Modbus, Siemens S7, DNP-3, Ethernet-IP and more.
Dot isbuilt for you.
Or perhaps you are looking for something a bit more bespoke, or require some consultancy. If we can help, we will. If we can’t help, then we will work with our partners to deliver the services and systems that you require.
Contact us today to chat about the possibilities - with a guarantee of no hard-sell
hello@awencollective.com