Dutch Water Resource Board Enhances Network Security and SCADA Systems
Thanks to SandBlast Threat Emulation, we have been able to significantly increase our network security and prevent ongoing attacks. Check Point’s SCADA solution provides us with higher visibility and extended policy granularity, helping us comply with various standards set by the BIWA. -René van Hes, System and Network Manager, Hunze en Aa Water Resource Board
Ensuring a Clean, Safe Water Supply
The Hunze en Aa Water Resource Board is responsible for ensuring that communities in eastern Groningen and northeastern Drenthe, the Netherlands, enjoy access to sufficient, clean water. The water resource board also builds and maintains dikes to protect against flooding, and ensures that waterways are navigable. It’s a challenging responsibility, because much of the area is below sea level, and pumping stations regularly pump high water into the Wadden Sea.
In this sensitive environment, maintaining robust security is essential for the board—particularly for its Supervisory Control and Data Acquisition (SCADA) systems. Even a short network downtime could jeopardize the safety and lives of people throughout the region.
Protecting Water Management Environments for Compliance and Reliability
To help ensure safe operation of its pumping stations and other key systems, the Hunze en Aa Water Resource Board needed a solution that was reliable and provided complete control. The water resource board wanted to minimize risks in its SCADA environment and replace its eight year old, mixed environment of security tools with a central, manageable solution.
“The Information and Communications Technology (ICT) team is responsible for both office IT and industrial process automation, in particular the technical management of the applications and connections,” says Rudi Boets, Head of the ICT Team at Hunze en Aa’s Water Resource Board. “We ensure that the SCADA systems can send their data to the main entry system via the VPN connections. The managers can then consult the data by means of visualization.”
The Board was also looking to improve compliance with guidelines from the Baseline Information Security Water Board (BIWA). This Dutch water board union has established recommendations to secure utilities’ physical environments as well as digital information.
The stakes were high, and the water board needed a solution that could provide thorough protection against today’s advanced threats.
“Imagine that a large pump in one of our pumping stations suddenly goes off-line,” says Boets.
“In such a case, we run the risk that a large area will be flooded. That could lead to life-threatening situations and major economic damage.”
Delivering Full Visibility
To gain the network insight and security it needed, the Board decided to implement a total upgrade of its network environment. After evaluating a variety of products, the organization deployed Check Point 12400 NGTX Appliances with SandBlast Zero-Day Protection. The appliance-based solution helps the Board increase visibility into its SCADA application data. Check Point helps the water resource board reduce the risks in its SCADA environment to a minimum and replace its mixed assortment of old security tools with a central manageable cluster.
“During the proof of concept phase, the Check Point solution was the best of the bunch when it came to monitoring and developing an inventory of SCADA traffic,” says René van Hes, System and Network Manager at Hunze en Aa’s Water Resource Board.
Consolidating for Control
Check Point 12400 Appliances offer a complete, consolidated security solution available in five Next Generation Security Software Blade packages. Migrating from its outdated multi-vendor environment to a consolidated solution also helps the Board enhance control over its network environment.
“We wanted a security solution with a central control option,” says Van Hes. “Above all, it had to have more functionality than our existing solution. When it came to making a choice, we paid attention primarily to how our various tools could be combined in a single solution. The central control feature is very clear, which makes our work a great deal simpler.”
Powering Sophisticated Threat Prevention
At the outset of the deployment, Check Point and its partners performed a Security Checkup, then tested the solution for three weeks on the organization’s network.
The process involved activation of all the appliance’s software blades, as well as the cloud-based SandBlast Threat Emulation Service to protect against zero-day and unknown malware. Using the SandBlast sandboxing capability to analyze files, the water resource board is able to secure its network against the more sophisticated malwares that might bypass traditional security solutions like Antivirus.
Ensuring Consistent Compliance
Hunze en Aa’s Water Board deployed the Check Point solution to free the organization from its legacy security systems. The new solution delivers granular visibility and control it needs, as well as advanced security requirements to meet demanding BIWA standards—while also ensuring optimum security for its SCADA systems.
Enhancing Visibility for Greater Protection and Compliance
The Hunze en Aa Water Board worked closely with Check Point and its partner to deploy and optimize the new security platform. The solution’s centralized management provides excellent visibility into the organization’s network.
“The central control management implementation gives us a crystal clear insight into our network traffic,” explains Van Hes.
With its new security solution in place, the Board is confident that it can provide the protection it needs for sensitive data, and meet its compliance requirements.
“Thanks to SandBlast Threat Emulation, we have been able to significantly increase our network security and prevent ongoing attacks. Check Point’s SCADA solution provides us with higher visibility and extended policy granularity, helping us comply with various standards set by the BIWA.”
The water board is exceptionally satisfied with its Check Point solution. The new platform delivers the performance and security the board needs, and the Board found that the Check Point team was collaborative with, enabling a smooth and flawless deployment.