Defending Our Water Systems: BlastShield's Role in Enhancing Cybersecurity and Securing Critical Infrastructure

Investing in defensive cybersecurity systems can prevent costly and dangerous attacks on our water and wastewater systems. BlastShield enhances the security of these systems by combining secure remote access, network segmentation, and network cloaking into a single product, simplifying OT security and reducing costs by up to 70%.

In March 2023, the EPA released a new cybersecurity mandate in conjunction with the 2023 National Cybersecurity Strategy. This announcement highlighted how critical infrastructure categories are increasingly vulnerable to cyber threats. Public water systems (PWS) are vulnerable to attacks that “have the potential to disable or contaminate the delivery of drinking water to consumers and other essential facilities like hospitals.” By proactively protecting these systems, we can prevent attacks before they happen.

Treatment systems might use coagulants, polymers, fluoride, disinfectants, and agents for corrosion control to produce water for human consumption–but where does one “pour in” cyber security? Hidden beneath any array of pipes, pumps, sensors, and valves resides vast numbers of electronic cyber assets used to control it all. While all cyber systems must take care to prevent any degradation of availability due to malicious or inappropriate access, assets in the Operational Technology (OT) domain often face even greater challenges. As many as one third of all OT cyber systems contain vulnerabilities. Under the new mandate, states are now responsible for conducting cyber assessments as part of their routine annual sanitary surveys.

In October 2023, CISA issued a reminder about the convergence of IT and OT systems and how these systems can be better secured. One of the recommendations includes a robust vulnerability patching process. However, In many industrial environments, patching isn’t possible due to the fact a third of all OT devices containing vulnerabilities are unsupported by vendors. BlastShield can protect unpatchable legacy infrastructure or provide protection until an available patch can be applied, in planned maintenance windows.

The Solution

BlastShield is capable of addressing 4 of 10 policy recommendations germaine to water sector cybersecurity, as recommended by the EPA.

Question 2. “Does your utility segregate networks and apply firewalls?”
- With BlastShield, network segmentation becomes a drag-and-drop interface that is user-friendly, providing a faster, more cost-effective, and easier-to-operate comprehensive system when compared to a traditional firewall.
Question 3. “Does your utility use secure remote access methods?”
- Faster and more secure than a VPN, BlastShield provides zero-trust, secure remote access that is phishing-resistant.
Question 4. “Does your utility establish roles to control access to different networks and log system users?”
- BlastShield allows users to access the network only after they have been vetted through the software-defined parameter architecture and allows role-based access controls to limit the resources that their credentials permit them to.
Question 5. “Does your utility require strong passwords and password management practices?”
- BlastShield authenticates users before connecting using a passwordless multi-factor authentication that is unique to each user.

In addition to these features, BlastShield also provides device and network cloaking, as well as protection against man-in-the-middle attacks and ransomware.

BlastShield provides a cost-efficient option, merging several systems into one, which can reduce OT security costs by up to 70%.

Additional Funding

To enhance the security of water systems, there are funding options for traditionally underfunded PWS, available for states, cities, counties, towns, and tribal lands.

Clean Water State Revolving Fund (CWSRF): administered by the EPA; offers assistance to all 50 states and Puerto Rico which then provides funding options to water infrastructure water quality projects within their jurisdiction.
- CWSRF has direct funding for the District of Columbia, the US Virgin Islands, American Samoa, Guam, and the Commonwealth of Northern Marianas.
Drinking Water State Revolving Fund (DWSRF): administered by the EPA; offers assistance to all 50 states and Puerto Rico which then provides funding options to further infrastructure and non-infrastructure projects within their jurisdiction.
- DWSRF has direct funding for the District of Columbia, the US Virgin Islands, American Samoa, Guam, and the Commonwealth of Northern Marianas.
CISA State and Local Cybersecurity Grant Program (SLCGP): administered by DHS; provides funding for state and local governments to address cybersecurity risks and threats.
FEMA Tribal Cybersecurity Grant Program (TCGP): administered by DHS; provides funding to tribal governments to address cybersecurity risks and threats.

For a deeper dive into the crucial interplay of cybersecurity and public water systems, don't miss our informative solution brief, "Navigating the Evolving Landscape: EPA's Approach to Cybersecurity for Public Water Systems." This guide comprehensively illustrates the expanded role of cybersecurity in maintaining the integrity of our water systems, highlighting key considerations and effective strategies.

Download the brief now to enhance your understanding and approach to securing our vital water infrastructure:
‍https://go.blastwave.com/hubfs/epa-cybersecurity-guidelines.pdf

Download Infographic (PDF)