Case Study

Industrial Cybersecurity Solution and Training

Regional Wastewater Treatment Facility Secures Network PLCs with Belden-exida Solution and Hands-on Training.


Customer:

Wastewater Treatment Facility

Challenge:

Network PLC Security

Solution:

Install Tofino Central Management Platform and train staff

Results:

Less traffic on plant network, more secure network, and met guidelines and mandates for general wastewater practices


Project Summary

A wastewater treatment plant needed to protect its communications network, speci cally the programmable logic controllers (PLCs) that run its operations. The primary goal was to reduce the risk of malware, accidental network incidents, or traf c storms from taking down the plants’ supervisory control and data acquisition (SCADA) network. With an easy to install solution that signi cantly reduced and ltered network traffic to the PLCs, the facility is now on the leading edge of cyber security protection. 

Challenges

In this city, the Department of Water Resources oversees the city’s water and wastewater treatment facilities, as well as the local reservoir, water lines, storm sewers, sanitary sewers and water meter reading. The system is complex: 24 buildings house more than 500 pieces of equipment that run the 15 processes needed to treat the 13 million gallons of wastewater each day. And it needs to run 24 hours a day. 

In 2012, the department initiated a two-year construction upgrade, during which they switched their network to industrial Ethernet. While reviewing the system, the team took a hard look at the security of their communications network.

With little protection or separation between the plant’s SCADA network and the city’s IT network, the system was essentially accessible to all city employees. Most troubling, even students at the city’s high schools could stumble upon and potentially alter the mission-critical information on the SCADA network. 

Solution

It’s common for the plant network and operations to be managed by a small team. The same is true of the one-person “team” who manages process automation and control for the regional wastewater plant, and has the primary goal of keeping their facilities up and running.

With several other plant issues to manage, downtime isn’t an option. Working with a cross-functional team at Belden, To no Security and exida, the plant electronics technician identi ed a new solution to better secure the wastewater plant, speci cally the PLCs that automate their facilities.

The local team purchased a To no Central Management Platform (CMP) and 13 To no Security Appliances with rewalls to secure each PLC on the network. If a PLC crashes, so does the entire system. The city has now speci ed that all processors will be protected by a Tofino rewall moving forward. They also keep spare products on hand for new PLCs in need of similar protection.

After purchasing the products, the plant found the Tofino solution intuitive to install. Working with an electrician, the Tofino Security Appliances were easily wired into the network, but support was required when it came to con guring and managing the quantity of traf c their network was facing.

The training included everything from baseline networking knowledge to hands-on installation and trouble-shooting. 

Results

As a result of the training and installation:

  • There is significantly less traffic on the plant’s network. The Tofinos are operational and have been tested to con rm they are passing what is needed and blocking what is not. The team feels secure in managing the traffic themselves.
  • The Department of Water Resources is on the forefront of cyber security for industrial facilities. The network is very secure, making it impossible for even the internal IT department to impact the PLCs.
  • The plant is also meeting the guidelines and mandates for general wastewater practices and will be well prepared when those guidelines become law.