Cyber Security for Water Management Districts

Feb 20, 2023 | Case Studies, Water Management

The Client

Large Water Management District in Florida

Summary

Local municipality utilities, such as water and power, are at greater risk of attack. Whereas larger regions have more complex protections in place, small cities and counties have fewer resources and smaller cyber teams – leaving them vulnerable.

With a need to configure Microsoft Protection Suite and Sentinel for their environment as well as maximize the resources and efforts of their team, a Water Management company began its partnership with Conquest Cyber in 2019.

We set up their Microsoft Protection Suite and Sentinel – configuring it to manage monitoring and operations, augmented their team with Conquest’s Managed Extended Detection and Response Service, and used ARMED ATK’s DEFEND and SECOPS Modules to ease their team’s operations and monitoring burden.

This ongoing partnership serves to safeguard the water supply for over fifteen counties.

Problem

ADDRESS THE NEED TO PROTECT SOUTH FLORIDA’S ACCESS TO CLEAN DRINKING WATER WHILE MAXIMIZING THE EFFORTS OF THEIR SMALL CYBER TEAM

For years, Russian and other adversarial nation-state hackers have been probing American energy companies and electrical utilities. Small municipalities’ systems are most at risk, with smaller budgets and fewer resources. This is especially true in water management systems.

We joined forces with the client to maximize their effectiveness, removing 98% of their alert workload. By removing the noise and providing continuous monitoring and SOC services, our partnership enables their small team to be prepared, preventing successful breaches like the one in Oldsmar, Florida. Just outside of the South Florida region, this small town’s systems were infiltrated, leading to dangerously high levels of sodium hydroxide being added to the water. While discovered before causing harm, this attack raised awareness of the risk to water management systems across the country.

Solution

COMPLIANCE. MATURITY. EFFECTIVENESS.

The Conquest team began its partnership with the customer by standing up and configuring both their Microsoft Protection Suite and Sentinel. This provided them with vital monitoring and operations functions.

To maximize their team’s efforts and capabilities, Conquest deployed its ARMED ATK platform to enable its DEFEND and SECOPS (Security Operations Center) modules. The DEFEND module serves as their home base with a real-time view of the environment’s maturity. The SECOPS module provides a centralized view of the environment’s security alerts and incidents. With an intuitively organized ticketing system, these alerts are clearly labeled by time, location and severity. These modules provide 24/7 visibility and alert team members of potential issues via email and push notifications directly from the ARMED ATK platform. If further mitigation is needed, the platform also provides direct access to Conquest’s elite team of cybersecurity experts.

These modules, alongside Conquest’s Managed Extended Detection and Response service, augment the customer’s team. Furthering our partnership, Conquest also provides:

  • BIWEEKLY TICKET AND TUNING REVIEWS
  • EFFECTIVENESS TESTING
  • QUARTERLY CYBER RESILIENCY REVIEWS
  • RANSOMWARE AND INCIDENT RESPONSE TABLETOP EXERCISES

Distinctives

AUGMENTED TEAM BETTER UTILIZES RESOURCES

Conquest Cyber serves as more than a vendor; it acts as a partner. By understanding each environment’s maturity, Conquest can adapt and adjust its services to meet that environment’s needs.

Beginning with stand-up and configuration, Conquest’s partnership with the customer has evolved to focus on 24/7 monitoring through the SECOPS module and full visibility into their cyber program through the DEFEND module. The unique capabilities of ARMED ATK dramatically improve the district’s security posture with an overlay of risk and compliance and allow them to:

  • Stay on track with their requirements
  • Automate and implement the collection of evidence
  • Allocate each piece of evidence to each of the NIST CSF controls and better prepare for audits
  • Access direct mapping to the compliance requirements specific to their environment, with actionable steps towards achieving the outcome
  • Make risk-informed decisions to integrate into their operations
  • Organize all security alerts and incidents in their environment based on time, location, and severity
  • Enable 24x7x365 Extended Detection and Response, Advanced Threat Hunting, and Managed Sentinel Service
  • Access logs in their environment dated as far back as one year

Our partnership removes 98% of the alert caseload that internal analysts need to review, freeing up time for other key tasks. With our effectiveness testing, biweekly ticket and tuning reviews and quarterly cyber resiliency reviews, we ensure both situational awareness and preparedness. When protecting our nation’s vital resources, like water, our work protects more than cyber environments. We’re protecting our way of life and providing peace of mind.

Outcomes

MAXIMIZE TEAM’S EFFECTIVENESS BY REMOVING 98% OF ALERT WORKLOAD

Microsoft Protection Suite and Sentinel configuration, combined with ARMED ATK’s DEFEND and SECOPS modules, reduces alerts, leaving only the critical 2% to be reviewed manually.

Combined with ARMED ATK, Conquest’s Managed Extended Detection and Response serves as an extension of their team to provide 24/7 visibility. Through their partnership with Conquest, the customer is able to more efficiently use their resources, reducing workload and saving money.

Taking the customer beyond compliance, our partnership improves their maturity, reduces their alert workload, and strengthens their incident and ransomware response preparedness.