The recent Government announcement to water and sewerage companies in England and Wales has outlined how companies can ensure national security and mitigate the impact of civil emergency. The announcement outlines clear goals, but it does not specify how to achieve them.
Here Shimon Peretz, VP of Business Development at IXDen, the pioneer of a biometric identity for industrial equipment, explains how monitoring data at the physical layer, where it is generated, can address the new security and emergency measures requirements in the water industry.
In the water industry, customers’ well-being can be seriously endangered by OT failures and cyberattacks. To address this, the UK Government has released an updated policy paper to provide ministerial direction to water companies so they can meet the new requirements for security and emergency measures.
The new Security and Emergency Measures (Water and Sewerage Undertakes and Water Supply Licensees) Direction 2022 came into effect as of March 1st. The direction details the measures, processes and procedures water companies are expected to have in place and follow, to ensure water supply continues, even in the event of unavoidable failure to piping. The policy also includes requirements for sewerage functions to decrease pollution and leakages from affecting our environment and aquatic life.
However, the information given discusses little in terms of specific implementations to achieve these goals. Despite having no examples of how to accomplish the requirements, the direction says companies must “use such up-to-date technology and systems as are appropriate to ensure the ongoing security of relevant assets, supporting infrastructure and their operations.” But what are the most effective technologies to prevent cyberthreats and ensure OT functionality?
Achieving full data visibility
There are four different levels to consider in creating a cyber-secure network; the cloud level, enterprise-level, programmable logic controller (PLC) level and the physical layer, where end devices such as sensors and industrial equipment such as chlorin pumps, chemical analysers and more are situated. Most companies have robust cybersecurity strategies for the first three layers, such as implementing firewalls, intrusion detection and prevention systems, network access control, and deception tools. However, the physical layer is often overlooked. Recent data suggests that most industrial cyberattacks occur on the sensor level. By neglecting these devices, companies are providing a trojan horse with which hackers can access their networks.
Moreover, most of today’s industrial processes are based on outdated configurations. They were built when bandwidth resources were limited, so most sensor data had to be processed locally at the PLC or RTU layer. Therefore, only about 20 per cent of sensor data is propagated upwards to the network level. With 80 per cent of data left unaccounted for, companies cannot have full visibility of the health state of their OT environment.
This means that this data cannot be trusted. The first reason is it could have been infiltrated by cybercriminals at the physical layer, and the second is that sensors could be misfunctioning as a result of failure or natural ageing.
The importance of monitoring data at the source
This is why IXDen, the company that created the concept of a biometric identity for industrial equipment, launched a single self-contained solution that monitors equipment data at the source, combining OT failure prediction and cybersecurity in one software. IXDen’s patented solution is the first fully autonomous software to create a dynamic behavioural model of each device, both in isolation and as part of interrelated process dependencies.
The software collects 100 per cent of the data transactions directly from all the equipment and sensors to create a biometric behavioural model and multi-factor authentication to each device, both in isolation and as part of interrelated process dependencies. In this way, the software alerts the plant personnel to anomalies that signal OT failures, such as leakages, or cyberattacks. Analysing 100 per cent of the data transactions at the physical layer allows validation of the overall health and reliability of an OT system, as well as identifying behaviours with extreme accuracy.
Crucially, the health state of equipment is summarized by a single score and a traffic light performance indicator. This means that operations managers have an intuitive way of monitoring the whole OT system at a glance, with the ability to drill down on the root causes of problems if necessary.
Mekorot, Israel’s national water carrier, has chosen to implement IXDen’s solution to cover OT sensor anomaly detection for better predictive maintenance and cybersecurity in its vast supply network. The network comprises 13,000 km of pipelines, 3000 water production plants, 25 desalination sites and supply installations and millions of sensors.
In 2020, Mekorot experienced two cyber-attacks on its infrastructure that if successful would have poisoned hundreds with chlorine. Although no damage was done the company chose to use the time after the attack to reinforce its cybersecurity. Using the IXDen solution Mekorot found that it predicts failures 14 to 60 days in advance, failures that were not detected by the existing systems in place. It is estimated that the OT failure predicting abilities of IXDen’s software will help the company save millions of dollars every year.
Mekorot is one of the most advanced water carriers in the world and its holistic approach to OT failure prediction and cybersecurity could be successfully implemented in our country. This technology is currently being launched on the American market, with IXDen planning to expand to the UK. This would provide water companies with a valuable tool to achieve the goals outlined in the 2022 Security and Emergency Measures, covering both cybersecurity and OT failure prediction with one cost-effective investment.
In safety-critical sectors such as water management, companies have a moral and social responsibility to keep data safe and cannot afford to be using outdated technology. Monitoring data directly where it is generated is the only way to ensure cybersecurity and failure prediction, protecting core equipment while safeguarding consumers’ health.