Water Authority Bolsters IoT Resilience With Cisco Cyber Vision

It was 2020, just as COVID-19 had begun to make its way across the globe, and the Albuquerque Bernalillo County Water Utility Authority was staring down a problem.

Its networks were too antiquated to support its role as a water supply to more than 650,000 people.

The Water Authority wanted to use its Internet of Things (IoT) devices to monitor water quality and prevent cyberattacks against the water supply – a growing threat in pandemic times.

But the network infrastructure couldn’t support these plans without an upgrade. The IT team had little visibility into network traffic or devices, such as IoT devices, joining the network.

““We were kind of going in a little blind,” said Kristin Sanders, chief information security officer for Albuquerque Bernalillo County Water Utility Authority.

“The thing we needed was to have that visibility at the switch level to start understanding everything that we have on the network,” she said.

So the Water Authority turned to Cisco Cyber Vision, a tool to bring visibility to network activity.

With Cyber Vision, the Water Authority could establish a baseline for “normal” device behavior and network activity. Network managers receive alerts when anomalous behavior occurs. IT also has access to a detailed asset inventory, making it easier to identify software vulnerabilities to patch and build security policies to enforce.

Using Cyber Vision also enabled the Water Authority to bring its enterprise IT and operational technology (OT) teams closer together, enabling better security and resilience of critical water systems.

“Historically, the two groups were completely separate,” Sanders said.

“We found that our OT team didn’t necessarily understand the nuances of cybersecurity, while we in IT were unfamiliar with the … controllers and … interfaces our OT colleagues use every day,” Sanders said. “Cyber Vision helped bring us together.”

Ultimately, using Cyber Vision brought greater IoT resilience to the Water Authority’s landscape of devices.

That’s critical. According to a November 2020 study, nearly 50% of respondents said that IT and OT were only somewhat integrated.

Securing Critical Infrastructure Becomes Paramount in Pandemic Times

Using Cyber Vision has enabled the Water Authority to future-proof its infrastructure. Modern network infrastructure and better visibility between IT and OT have positioned the organization to address compliance with America’s Water Infrastructure Act and in preventing a security breach that could put its customers at risk.

The need for visibility into networked IoT devices – and greater IoT resilience – had become all the more paramount given attacks during pandemic times.

Attacks on critical infrastructure have increased some 41% in the first half of 2021 compared with the previous six months, which is particularly significant given that in all of 2020 they increased by 25% from 2019 and 33% from 2018, according to Claroty’s Biannual ICS Risk & Vulnerability Report.

Malicious attacks in 2021 on the Colonial Pipeline, JBS Foods and the Oldsmar, Florida, water treatment facility have demonstrated the vulnerability of critical infrastructure and that it’s a compelling target during pandemic times.

“Critical infrastructure is being targeted, so … the big part of it is being able to have that baseline [for normal network behavior] and anomaly detection,” Sanders said.

Sanders noted, too, that the pandemic increased assaults on critical infrastructure by way of enterprise IT systems, through email systems and the like.

“The longer we’ve been in the pandemic – where we have seen vendor, email compromises happening –there has been a huge influx of phishing attempts,” she said.

Networking Management Best Practices

Sanders noted that the Water Authority has also begun to institute other key network management best practices, including network segmentation and zero-trust principles.

“Obviously, having your OT environment properly segmented from the enterprise is also huge: really being able to control what is connecting to your servers and what they’re talking to,” she said.

Additionally, using multifactor authentication and zero-trust security principles has helped minimize access to vulnerable devices and network access points.

As staff worked remotely during the early days of the pandemic, the Water Authority reaped the benefits of modernizing its networking and IoT infrastructure.

“When staff started working from home, we really expanded our digital footprint, creating a larger attack surface for cybercriminals to try and exploit,” Sanders observed. “Our earlier technology investments made this transition seamless and kept us secure.”