You are here

Case Studies

Case Studies

Nashville Metro Water Services

Service Population
680,000
Challenges
Develop a master security plan
Solution
WaterISAC Resource Center
More Details

When utilities serving a half-million consumers need to create a master security plan, the large quantity of information that must be considered from government and law enforcement agencies can be overwhelming. Metro Water Services (MWS) of Nashville was able to simplify and speed its master security planning process by tapping the vast library of resources and tools available to WaterISAC members.

MWS’s security manager notes that although every master security plan is tailor made to the water system it is designed to protect, all plans share some similarities. Although compliance standards are readily available, it is very valuable to learn the practices of water systems. MWS’s security manager did not want to reinvent the wheel, so he used WaterISAC resources.

WaterISAC has been my primary and major support system for researching our master security plan, emergency response, and vulnerability assessments. Most of the time when I go to WaterISAC, I don’t have to look anywhere else.

- Security Manager, Metro Water Services

WaterISAC is the base standard for water security backed up by a national network of contacts in government and industry. Members have access to more than 8,500 resources including best practices, alerts, and reports by industry experts. Unlike other sources of threat and mitigation information, WaterISAC is focused solely on reducing threats to water and wastewater utilities.

WaterISAC resources steered the creation of MWS’s master security plan; WaterISAC updates and alerts help ensure the plan stays up-to-date.

Cape Fear Public Utility Authority, N.C.

Service Population
200,000
Challenges
ENHANCE CYBER-SECURITY TO MEET INCREASING THREATS
Solution
WaterISAC PARTNER PERCH SECURITY
More Details

Cape Fear Public Utility Authority (CFPUA) serves the City of Wilmington and the majority of New Hanover County, N.C. It has a robust Information Technology (IT) division, but before the utility joined WaterISAC and began using Perch Security, it was concerned about how to best manage a growing volume of potential cyber threats.

Through a partnership with WaterISAC, Perch Security continuously monitors water systems' IT and operational technology (OT) networks for potential cyber threats, comparing network traffic against indicators in WaterISAC’s extensive threat repository. Perch’s dedicated security operations center evaluates detected threats and notifies members to take corrective action on validated malicious activity.

Having this additional set of eyes looking at our traffic for potential threats became extremely valuable. At that time, our organization had limited staff to focus solely on cyber security, and we lacked the dedicated resources to identify, isolate, remediate, and then warn others about potential threats. Perch allowed us to not only be informed, but quickly respond to those identified threats and then automatically warn others within the participating Perch community.

- Eric Hatcher, CFPUA security and emergency manager.

Through its membership with WaterISAC, CFPUA learned about other industry security related services, such as the Department of Homeland Security (DHS) cybersecurity self-assessment tool, and other free DHS cyber assessment services. “These services provided us with tools that helped us establish an industry specific security standard and demonstrate how we were, or were not, meeting those defined best practices,” Hatcher said.

San Jose Water Company

Service Population
1 million+
Challenges
BOOST UTILITY SECURITY AND EMERGENCY MANAGEMENT
Solution
WaterISAC ALERTS AND RESOURCES
More Details

San Jose Water Company serves the greater San Jose, California metropolitan area. It is one of the largest and most technically sophisticated urban water systems in the U.S.

The leaders of security, business resiliency, and information systems at San Jose Water believe protecting the utility from cyber and physical threats is primarily a twofold challenge. It requires the awareness of all staff and access to a hub of information on current and emerging attacks.

"The threat landscape is always changing, and because WaterISAC receives information about risks to essential industries across the nation, we can see trends or learn about an incident elsewhere that may prompt us to review and strengthen one of our safeguards,” said Dana Drysdale, vice president of information systems at San Jose Water. “It’s an important resource.”

Drysdale and his colleagues also value WaterISAC’s regular email alerts and updates. "I may see items that are specifically water-related that I might have missed from other information sources," said Peter Fletcher, senior director of cybersecurity and IT at San Jose Water. As part of the utility’s cybersecurity training, broader insights conveyed in WaterISAC updates are shared with all employees.

From an emergency management perspective, San Jose Water’s Manager of Security and Business Resiliency, Jim Wollbrinck, appreciates WaterISAC’s partnership with American Water Works Association and other consortiums. “WaterISAC is looking at telecom, electric power, and other critical infrastructure that we communicate with during an emergency,” Wollbrinck said. “It’s just a great partnership in helping us coordinate.”