Industry: Utilities – Water & Wastewater
Project Overview:
Sydney Water wanted to strengthen the security of its operational technology (OT) environment, they approached Sydco deploy network segmentation. The goal was to move towards a Zero-trust security model, reducing the risk of cyber threats spreading laterally and improving visibility and control over critical infrastructure.
Challenges:
- The OT network was largely flat, with minimal separation between control systems and support infrastructure.
- Legacy systems lacked native security controls, making them vulnerable to unauthorized access.
- There was limited visibility into inter-device communication, increasing the risk of undetected threats.
Solution:
Sydco designed and implemented a segmentation strategy based on the Purdue Model, creating distinct zones for field devices, SCADA systems, and enterprise interfaces. Firewalls and access control lists were deployed at key junctions to enforce strict and granular least-privilege policies. Monitoring points were established to track and log traffic between zones.
Results:
- Critical OT assets were isolated from non-essential systems, reducing the risk of lateral movement.
- The security team gained improved visibility into traffic patterns and potential anomalies.
- The segmentation framework aligned with industry standards such as ISO 27019 and supported regulatory compliance.
