Manual Processes Creating Risk and Inefficiency
In October 2021, the CISA (Cybersecurity & Infrastructure Security Agency) issued an alert, “Ongoing Cyber Threats to U.S. Water and Wastewater Systems,” recommending the use of one-way communication diodes to “ensure robust network segmentation between IT and OT networks.”
For one large public water utility serving nearly two million residents, this was already a pressing concern. The utility took great care to keep the central IT (Information Technology) network used by administrative teams physically separated from the OT (Operational Technology) network which controlled the plant operations. This meant that data was transferred using physical media (burning disks) on a daily basis, with a disk hand-carried between networks.
This approach had two major disadvantages:
- Resource drain: The manual process required daily staff time to burn and transport disks, plus ongoing consumable costs, creating a significant cumulative expense.
- Delayed insights: Data delays of up to 24 hours prevented real-time decision-making, limiting the utility's ability to optimize operations, respond quickly to issues, and capture cost-saving opportunities.
Deploying MetaDefender Optical Diode (Fend)
To securely automate data transfers, the customer deployed MetaDefender Optical Diode (Fend). The Optical Diode enables one-way communication from OT to IT, physically blocking 100% of inbound traffic while eliminating the need for patches or ongoing maintenance.
Configured in FTP mode, the Optical Diode securely transferred files containing key plant performance metrics, ensuring that operational data could flow continuously to IT systems without risk of inbound threats. The solution seamlessly integrated with their existing infrastructure, requiring minimal changes to current workflows while providing enterprise-grade security that meets regulatory compliance standards.
Faster, Safer, More Cost-Effective Operations
By implementing OPSWAT MetaDefender Optical Diode (Fend), the utility achieved:
- Faster insights: Data moved from daily batches to near real-time transmission (every few minutes), enabling plant operators and management teams to monitor performance metrics continuously and make informed decisions based on current conditions rather than outdated information.
- Lower costs: Eliminating consumables like physical disks and the daily labor required for manual transfers resulted in significant operational savings. The utility also reduced overhead associated with managing physical media storage and the risk of data transfer errors that could require costly reprocessing.
- Stronger security: The solution maintained air-gap-level protection by physically blocking 100% of inbound network traffic while ensuring operational efficiency. This approach provided robust defense against sophisticated cyberthreats without compromising data accessibility for authorized personnel.
- Improved operational reliability: Real-time monitoring capabilities transformed the utility's maintenance approach, allowing teams to identify potential equipment issues before they became critical problems. This proactive visibility enabled better maintenance scheduling, reduced unplanned downtime, and improved overall system reliability for the nearly two million customers they serve.
Blick in die Zukunft
With the success of this initial deployment, the utility is now exploring expanding MetaDefender Optical Diode (Fend) implementation across additional facilities in their network. Our customer recognizes that this secure data sharing foundation positions them well for future digital transformation initiatives while maintaining the highest security standards.
Secure Your Critical Infrastructure Today
Critical infrastructure providers like water utilities can't afford to compromise on security, but they also can't sacrifice operational efficiency.
Ready to secure your critical infrastructure without compromising efficiency?
Contact OPSWAT today to learn how MetaDefender Optical Diode (Fend) can transform your data sharing capabilities while maintaining the highest security standards.
