Challenge
The Colonial Pipeline and Oldsmar attacks have sounded the alarm for Critical Infrastructure providers. The need for robust Operational Technology (OT) cybersecurity has never been more evident.
However, many operators in this space are still grappling with where to begin their cybersecurity journey. Research shows that only 30% of Critical Infrastructure providers have a cybersecurity plan in place.
“Managing cyber risk is especially difficult for companies operating in Critical Infrastructure sectors where specific OT cybersecurity and industrial operations expertise are needed for minimized downtime and reduced cybersecurity risk,” says Kamil Karmali, Sr. Global Manager, OT Cybersecurity Consulting Services for Rockwell Automation.
The same challenge arose for a North American water and electricity distributor serving approximately 250,000 customers, prompting the need for enhanced OT cybersecurity.
The utility company, responsible for providing fresh drinking water and electrical distribution, recognized the imperative to upgrade its infrastructure and OT cybersecurity capabilities. The Oldsmar water plant attack underscored the need to fortify network perimeter security, establish secure remote access, and implement robust threat monitoring and detection mechanisms.
Lacking internal OT cybersecurity expertise, the company turned to Rockwell Automation for a comprehensive cybersecurity solution that would safeguard its environment, achieving uninterrupted service and public safety.
Solution
Working with Rockwell Automation was the logical choice for the utility, thanks to a 20-year relationship built on the foundation of prior automation services. The utility was confident the Rockwell Automation team understood its business operations, infrastructure security, and OT system.
The utility team also knew, from previous engagements, that Rockwell Automation backs its security and architecture expertise with comprehensive capabilities, setting the stage for another successful collaboration.
Rockwell Automation delivered a blend of lifecycle management and lifecycle refresh initiatives, with cybersecurity elements baked in from the start.
Step 1: Asset Inventory
First, Rockwell Automation initiated a comprehensive audit of the utility's digital assets to assess vulnerabilities and risks. This audit, critical for identifying potential cyber threats, illuminated previously unseen devices on the plant floor, enabling robust protection measures.
Step 2: Security by Network Segmentation
Recognizing the importance of network segmentation, the Rockwell Automation team implemented this critical security technique, dividing the network into subnetworks to control traffic flow and access rights. This step fortified the network's security posture, minimizing the impact of potential cyberattacks.
Step 3: Virtualized Industrial Data Center
Next, upgrading the compute infrastructure was pivotal in enhancing the utility's cybersecurity. Dual Industrial Data Centers (IDCs) with cross-backups and managed support services replaced the single managed IDC. This upgrade delivered redundancy for process operations and a more dependable compute infrastructure, reducing the risk of downtime.
Step 4: Network Perimeter Security with an IDMZ (Industrial Demilitarized Zone)
To strengthen network perimeter security and safeguard OT assets from unauthorized access, an Industrial Demilitarized Zone (IDMZ) was deployed. This IDMZ architecture enabled secure remote operations, even during infrastructure disruptions.
“The dedicated OT virtualized compute infrastructure hosts a stretched IDMZ across two IDCs to permit a site-redundant IDMZ. The utility’s leaders were serious about maintaining the uptime of their critical and remote operations, even in the event of a plant disaster,” says Robert Matear, business development lead for Connected Services at Rockwell Automation.
Step 5: Extra Security Measures
Rockwell Automation also enlisted the help of Encompass™ Product Partner Claroty to detect hacking attempts and suspicious network activities. Specifically, the utility company will use Claroty’s Continuous Threat Detection (CTD) to monitor OT traffic and pinpoint threats and anomalies across the enterprise.
Claroty Secure Remote Access (SRA) will also be deployed, facilitating role-based access control (RBAC) and privileged access management (PAM) to lock down accounts with elevated access rights.
Result
Through this project, the water utility achieved significant advancements in its cybersecurity posture and operational efficiency:
- Adoption of a global OT cybersecurity framework (NIST)
- Deployment of control measures across the NIST Framework
- Workforce risk reduction through a Managed Security Services Provider (MSSP)
- Enhanced security, connectivity, and resilience in the OT environment
- 24/7 remote monitoring, administration, patching, and maintenance
- Lifecycle management of critical assets to mitigate obsolescence
- A future-proofed plant network
- Improved asset protection through real-time tracking and inventory
- Enhanced operational efficiency by minimizing unplanned downtime
Published October 19, 2023