Cybersecurity Remediation for European Water Utility

This case study outlines the cybersecurity remediation efforts undertaken by a nationalized European water utility serving 5 million people. Following the nationalization of water utilities in 2014, the organization faced the challenge of securing a vast ecosystem of interconnected IT and operational technology (OT) environments while complying with strict EU directives, including the National Infrastructure Securities Directive (NISD) and the forthcoming NIS2. The utility implemented Armis Centrix™ for OT/IoT Security to address vulnerabilities and ensure compliance. The initial phase involved defining the OT environment and establishing firewalls to segment IT from OT. Monitoring was then implemented to provide visibility into asset behavior and vulnerabilities. Within 18 months, Armis helped remediate 26 water treatment plants, significantly enhancing the utility's cybersecurity posture. The case study details the importance of understanding asset risks and the utility's plans for ongoing improvements, including integrating asset inventory information for field workers.