
Automated rotation and centralized password management: the essential defense against credential compromise
7 August 2025

Water management has been transformed over recent decades by industrial automation. What was once purely physical and manual is now controlled by Operational Technology (OT): PLCs, SCADA systems, sensors, RTUs, and remote control systems managing everything from pumping to purification and treatment. This digitalization has also introduced a new adversary: persistent cyber threats targeting critical infrastructure.
This is not a future hypothetical. Real, recurring attacks on water systems already expose structural weaknesses, especially in remote access and IT/OT network segmentation. The good news: solid, auditable, specialized solutions exist to protect these environments. The bad news: many organizations still have not adopted them.
What Assets Must Be Protected in Water Management Systems?
OT environments in the water cycle are complex, distributed, and heterogeneous. They often run for decades without major updates, which makes them functionally stable but fragile against new threats.
Key components of a digitized water infrastructure:
- SCADA Systems
The control and supervision layer for the whole process. From a central console, operators start or stop pumps, open valves, regulate flows, and receive failure alerts. If a SCADA system is compromised, an attacker can manipulate the water cycle directly, with consequences ranging from service disruption to the discharge of pollutants.
- PLCs (Programmable Logic Controllers)
Small controllers that execute real-time logic: opening gates, dosing chemicals, or balancing pressure. Many lack built-in security features, and a large share accept commands without any authentication, so anyone who reaches the control network can drive them.
- RTUs (Remote Terminal Units)
Used to communicate with sensors and actuators in remote stations. They sit in physically unprotected locations, so every connection to them must be controlled digitally.
- HMIs (Human-Machine Interfaces)
The screens or terminals operators use to interact with the system. They frequently sit on internal networks without isolation, so lateral movement from the corporate IT network can reach them.
- Industrial IoT Sensors and Devices
Smart devices that monitor pH, chlorine, turbidity, leaks, or temperature. They often use insecure protocols or vulnerable wireless links. A compromised sensor can feed false readings into automated decisions across the entire plant.
All these components sit on a hybrid IT/OT network, where the attack surface multiplies unless industrial-specific cybersecurity measures are in place.
Real Threats: When Water Becomes an Attack Vector
Attacks on water plants have already occurred, and will continue, for three reasons: these systems are underprotected, critical to society, and relatively easy to attack remotely.
Representative cases:
- Oldsmar, Florida (2021): An intruder connected to the water treatment plant's HMI through TeamViewer and tried to raise the sodium hydroxide (lye) setpoint to a dangerous level. The remote-access tool was reachable from the internet and used a password shared among staff; an operator who saw the cursor move reverted the change before it took effect.
- Israel (2020): Water facilities, including irrigation systems and pumping stations, were targeted in a campaign that Israeli officials attributed to Iran. Access was possible because the controllers were poorly configured and exposed, without network segmentation or multifactor authentication.
- Thames Water, UK (2022): A ransomware group claimed to have gained access to the industrial systems of the country's largest water company. Thames Water stated it had found no breach, and the published data was later linked to a different utility, South Staffordshire Water, which confirmed an intrusion into its corporate IT network. The episode still shows how third-party and remote access to water utilities has become a target and how quickly such claims force an investigation of who can reach OT systems.
All these cases share a pattern: remote access to industrial assets handled carelessly, without isolation or robust traceability. That must change.
Specific OT Security Challenges in Water Management
- Legacy Systems with Long Lifespans
Many PLCs, SCADA systems, and RTUs have been in operation for more than 15 years. Updating them is expensive, difficult, and sometimes impossible without interrupting service. They often do not support modern authentication, encryption, or automatic updates, which leaves blind spots in security.
- Industrial Protocols That Are Insecure by Design
Protocols such as Modbus, DNP3, and even plain HTTP and FTP are still used for critical communications. They carry data and commands in plaintext, with no authentication, encryption, or integrity check (secure variants such as DNP3 Secure Authentication and Modbus/TCP Security exist but are rarely supported by older equipment). An attacker on the path can read, modify, or spoof traffic undetected.
- Uncontrolled Remote Contractor Access
Maintenance technicians, system vendors, and integrators frequently need remote access. Many use shared VPN accounts, conventional remote desktop tools, or unaudited solutions, leaving doors open to malicious access, human error, and credential theft.
- Lack of Visibility in OT Environments
Often there is no central record of who accessed a system, what they did, which commands were executed, or whether configurations changed. Without that traceability, incident detection, auditing, and regulatory compliance all suffer.
- IT/OT Convergence Without Proper Segmentation
Connecting OT environments to IT networks, cloud services, ERPs, or reporting platforms is sometimes necessary for efficiency. Without strict segmentation, any IT incident (malware, phishing, ransomware) can spread straight into the industrial environment with critical consequences.
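Two of the challenges above, plaintext industrial protocols and the absence of a central record of which commands were executed, can be seen in a few lines of Modbus/TCP. The following script is an added example, not code from the original article or from Cosmikal: it parses the MBAP header and function code of captured Modbus/TCP requests and flags state-changing writes that do not come from an approved gateway. The captured frames, IP addresses, and the allowlist are constructed for the example.

```python
"""Spot unauthenticated Modbus/TCP writes in captured traffic.

Modbus/TCP carries no authentication, encryption or integrity check: any host
that can reach TCP/502 on a PLC can read or write coils and registers. This
script parses the MBAP header and function code of each request and flags
state-changing writes that do not come from the approved gateway. The frames,
addresses and allowlist below are constructed for the example.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Function codes that change process state on the PLC.
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}
READ_FUNCTIONS = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}

# Assumed allowlist: only the isolation gateway may issue writes (example value).
APPROVED_WRITERS = {"10.10.1.5"}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]  # starting coil/register, when the PDU carries one
    value: Optional[int]    # written value, or item count for multi-item requests


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the first PDU fields.

    MBAP: transaction id (2), protocol id (2, always 0), length (2), unit id (1).
    PDU:  function code (1), then function-specific data, all big-endian.
    """
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match frame size")
    func = payload[7]
    address = value = None
    # Reads and the single/multi writes all begin with a 16-bit address followed
    # by a 16-bit value (single writes) or quantity (everything else).
    if func in (1, 2, 3, 4, 5, 6, 15, 16) and len(payload) >= 12:
        address, value = struct.unpack(">HH", payload[8:12])
    return ModbusRequest(tid, unit, func, address, value)


def audit(src_ip: str, dst_ip: str, payload: bytes) -> dict:
    """Classify one request and return an audit record for the central log."""
    req = parse_modbus_tcp(payload)
    if req.function in WRITE_FUNCTIONS:
        action = WRITE_FUNCTIONS[req.function]
        verdict = "ok" if src_ip in APPROVED_WRITERS else "ALERT: write from unapproved host"
    elif req.function in READ_FUNCTIONS:
        action = READ_FUNCTIONS[req.function]
        verdict = "ok"
    else:
        action = f"function 0x{req.function:02x}"
        verdict = "review: uncommon function code"
    return {
        "src": src_ip, "dst": dst_ip, "unit": req.unit_id, "tid": req.transaction_id,
        "action": action, "address": req.address, "value": req.value, "verdict": verdict,
    }


# Constructed sample traffic: (source, destination, raw Modbus/TCP request).
SAMPLE_TRAFFIC = [
    # Gateway polls 10 holding registers from unit 1: normal.
    ("10.10.1.5", "10.10.2.20", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),
    # Unknown host sets register 16 (say, a dosing setpoint) to 3000: alert.
    ("10.10.5.77", "10.10.2.20", bytes.fromhex("0002 0000 0006 01 06 0010 0bb8")),
    # Gateway forces coil 2 ON (0xFF00): allowed by policy.
    ("10.10.1.5", "10.10.2.20", bytes.fromhex("0003 0000 0006 01 05 0002 ff00")),
]


def run_sample() -> list:
    """Audit the constructed traffic and return the records."""
    return [audit(src, dst, frame) for src, dst, frame in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for record in run_sample():
        print(record)
```

The point of the example is what the PLC cannot do: nothing in the frame identifies or authenticates the sender, so the only things that distinguish the legitimate write from the rogue one are the source address and the policy applied around it. Monitoring like this gives the traceability the section asks for, but it cannot block the write; that still requires network enforcement so that only the approved gateway can reach TCP/502 on the controller.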
What Do Regulations Require?
In the European framework, protection of the water sector as critical infrastructure is covered by increasingly demanding regulations:
- NIS2 Directive: Lists drinking water and waste water among the sectors of high criticality. It requires risk-based access control, network segmentation, multifactor authentication, continuous monitoring, and traceability of privileged access.
- National Security Framework (ENS, Esquema Nacional de Seguridad): In Spain, mandates measures proportional to the system's criticality level, including robust authentication, privilege control, incident management, and operational continuity.
- IEC 62443 (ISA/IEC 62443): International series of standards for cybersecurity in industrial automation and control systems. It specifies requirements such as role-based access control, zone and conduit segmentation, vulnerability management, and defense in depth.
All share a core requirement: control and audit all remote access to industrial systems, especially by privileged users.
Endurance: Certified Shielded Remote Workspace as a PAM
Traditional PAM solutions built for IT networks are not sufficient on their own. OT environments, especially in water management, need a specialized solution: a certified, shielded remote workspace tailored to real-world industrial needs.
What is Endurance?
Endurance is a remote workspace developed by Cosmikal that goes beyond a traditional PAM. It is a shielded remote workspace, certified as a PAM by the Spanish National Cryptologic Center (CCN), designed to enable secure, auditable, and controlled connections to IT and OT assets from anywhere in the world without compromising integrity or security.
How does Endurance support OT water environments?
- Total Isolation of Industrial Assets
Users never connect directly to PLCs, SCADA systems, or RTUs. Endurance acts as a secure bridge, isolating the target and relaying only keyboard, mouse, video, and audio events. Neither the asset nor its network is exposed to the user's device, even when the asset itself speaks an insecure protocol such as Telnet or Modbus. Note that the final hop from the bridge to the asset still uses that protocol, so network segmentation must ensure that only the bridge can reach the asset's ports.
- Access by Time, Role, and Context
Remote access is granted according to the technician's role, for a limited time, and from authorized locations. There is no standing access and no shared credentials; each connection is contextualized, controlled, and supervised.
- Robust Authentication and Adaptive MFA
Each session requires multiple authentication factors (password, token, certificate, and so on). Even in low-connectivity or offline environments, Endurance ensures secure validation.
- Complete Traceability with Session Recording
Every session is recorded and can be replayed. Audits show what each user did, when, and on which device, supporting compliance with NIS2, ISO/IEC 27001, and ENS while improving incident response.
- No Need to Modify OT Assets
Endurance requires no agent installation, firmware modification, or changes to SCADA logic. Protection is non-intrusive, which is essential for delicate industrial systems.
- Agile and Scalable Deployment
Suited to distributed environments with many remote stations, pumping sites, or geographically dispersed plants. It can be deployed remotely without interrupting operations.
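The access model described in the list above (role-bound, time-limited, location-aware, no standing access, every decision recorded) is easier to reason about as code. The following is an added illustrative model of that pattern, not Endurance's code or any Cosmikal API; the users, roles, assets, networks, and timestamps are invented.

```python
"""Time-, role- and context-bound remote access with an audit trail.

An illustrative model of the just-in-time access pattern: a session is allowed
only if an explicit grant exists for the user and asset, the grant's role
covers the asset, the request falls inside the grant's validity window, the
source address is in an authorized network, and a second factor was verified.
Every decision, allowed or denied, is appended to an audit log. All names,
networks and times below are invented for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Grant:
    """A just-in-time approval: who may reach which asset, from where, and when."""
    user: str
    role: str
    asset: str
    source_networks: Tuple[str, ...]   # CIDR blocks the session may originate from
    not_before: datetime
    not_after: datetime
    mfa_required: bool = True


# Assumed role-to-asset mapping. A grant must also exist: a role alone never opens a session.
ROLE_ASSETS = {
    "pump-maintenance": {"plc-pump-01", "plc-pump-02"},
    "scada-operator": {"scada-main", "hmi-intake"},
}


@dataclass
class AccessBroker:
    grants: List[Grant] = field(default_factory=list)
    audit_log: List[dict] = field(default_factory=list)

    def decide(self, user: str, asset: str, source_ip: str,
               now: datetime, mfa_verified: bool) -> Tuple[bool, str]:
        """Evaluate a session request; every outcome, allowed or not, is recorded."""
        reason = self._evaluate(user, asset, source_ip, now, mfa_verified)
        allowed = reason == "allowed"
        self.audit_log.append({
            "ts": now.isoformat(), "user": user, "asset": asset, "src": source_ip,
            "mfa": mfa_verified, "allowed": allowed, "reason": reason,
        })
        return allowed, reason

    def _evaluate(self, user: str, asset: str, source_ip: str,
                  now: datetime, mfa_verified: bool) -> str:
        candidates = [g for g in self.grants if g.user == user and g.asset == asset]
        if not candidates:
            return "no grant for this user and asset"
        src = ip_address(source_ip)
        reason = "no usable grant"
        for g in candidates:
            if asset not in ROLE_ASSETS.get(g.role, set()):
                reason = "role does not cover asset"
            elif now < g.not_before:
                reason = "grant not yet valid"
            elif now > g.not_after:
                reason = "grant expired"
            elif not any(src in ip_network(n) for n in g.source_networks):
                reason = "source address not authorized"
            elif g.mfa_required and not mfa_verified:
                reason = "second factor required"
            else:
                return "allowed"
        return reason


def demo() -> AccessBroker:
    """Build a broker with one two-hour grant and run a few requests against it."""
    start = datetime(2025, 8, 7, 9, 0, tzinfo=timezone.utc)
    broker = AccessBroker(grants=[
        Grant("alice", "pump-maintenance", "plc-pump-01",
              ("192.0.2.0/24",), start, start + timedelta(hours=2)),
    ])
    one_hour_in = start + timedelta(hours=1)
    broker.decide("alice", "plc-pump-01", "192.0.2.10", one_hour_in, True)                   # allowed
    broker.decide("alice", "plc-pump-01", "192.0.2.10", start + timedelta(hours=3), True)    # expired
    broker.decide("alice", "plc-pump-01", "198.51.100.7", one_hour_in, True)                 # wrong network
    broker.decide("alice", "plc-pump-01", "192.0.2.10", one_hour_in, False)                  # no MFA
    broker.decide("bob", "plc-pump-01", "192.0.2.10", one_hour_in, True)                     # no grant
    return broker


if __name__ == "__main__":
    for entry in demo().audit_log:
        print(entry)
```

The design point is that the grant, not the account, is the unit of authorization: the same technician with the same password and second factor is denied an hour after the window closes, and denied from an unlisted network inside the window. Because the broker records denials as well as approvals, the audit log doubles as the detection feed for repeated attempts against an asset.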
Conclusion
Protecting water management systems is not just a technical issue; it is strategic. The risk is real, regulations demand action, and the tools to mitigate these threats exist. They must be applied properly.
Endurance is not just a PAM: it is a shielded remote work environment, certified by the CCN, designed to protect real-world OT environments without exposing users to insecure protocols. Adopting it reduces operational risk and supports regulatory compliance, with the assurance that no critical asset is left unprotected.
Want to learn how Endurance protects water infrastructures without disrupting operations?
Contact Cosmikal and request a demo.