Network Segmentation to Enhance Cybersecurity for Water Suppliers

Increasingly public infrastructure companies such as water supply and treatment are being exposed to new regulations for information security. One such emerging regulation is from Livsmedelsverket, and organisation in Sweden that is responsible for safe food and drinking water.  The regulations primarily concern municipal administrations, companies and administrations that own a public water supply system and thus provide public drinking water.

Proposed regulations concern the information security of the systems used in the supply of drinking water. The regulations address a basic level of security in the systems and set requirements for certain security measures. The focus is primarily on risk analyses and how they are to be carried out, as well as the findings determined in such an analysis. The goal is to achieve a basic level of security with proposed actions to enable risk management to be carried out in an appropriate way.

When a risk analysis has been carried out, an action plan must be made and documented by the supplier. The supplier must then ensure that the network and information systems used for the supply and distribution of drinking water are logically or physically separated from information systems or networks that are not covered by the corresponding information security requirements. 

To ensure the separation of network and information systems, network segmentation can be used. Network segmentation in situations where one-way communication is important, i.e. where information should only flow in one direction, is a task that can be solved in an effective way with the help of data diodes. By using a data diode, you can ensure that the transmission is carried out securely. The integrity or confidentiality of the network is protected by the data diode – whichever is more important to protect.

DDE Technology has considerable experience working with Advenica's SecuriCDS Data Diodes. Both the separation and diode function are based on an optical transmitter and receiver. The design guarantees that no data can pass in the opposite direction, in fact, it is physically impossible! The solution, with its high assurance, protects assets for operators of critical infrastructure such as utility companies, defence, aerospace and space agencies.

In situations where information needs to go in two directions, a different type of solution is required for secure network segmentation. A solution that can effectively filter the information and ensure that the organisation's information policy is followed with every transfer is needed.

Advenica's ZoneGuard is a customisable and at the same time simple solution based on whitelisting of information through information policies. The solution ensures that organisations securely and correctly can exchange information between security domains at different levels.

Please contact DDE Technology to learn more about how data diodes and filtering solutions such as ZoneGuard can ensure network segmentation and information security.

How do You Separate Network and Information Systems?

DDE has considerable experience working with industrial control systems across a range of industries including energy, water, oil and gas, telecommunications and others and understands the risks inherent in these systems.  Contact us to learn more about the cyber risks of such systems and how operators can quickly deploy threat detection and anomaly monitoring systems and internal process controls to mitigate against these risks.

Advenica products secures critical data
Advenica products secures critical data



DDE Technology is a trusted advisor to companies around the world that rely upon critical operational infrastructure. We provide a range of solutions that ensures industry keeps running and that address the threats inherent in an increasingly interconnected world.