Water/Waste Water Company Implements DHS Defense-In-Depth Cybersecurity Strategies

Water/Waste Water Company Implements DHS Defense-In-Depth Cybersecurity Strategies

Company Overview

Major regional water/waste water authority serving over 800,000 customers.

Case Summary:

Industry: Water-Wastewater

Challenge: Company recognized need to improve cybersecurity posture, following guidance from DHS, while retaining business continuity.

Solution: OPDS-1000 data diodes deployed to transfer reporting & alarming information and provide remote HMI screen replication.

Benefits: Deterministic, one-way data flow secured OT network from outside influence or attack, and enabled real-time, remote HMI screen monitoring at HQ.

Cybersecurity Challenge

In accordance with Department of Homeland Security (DHS) guidance issued in the paper, “Seven Strategies to Defend Industrial Control Systems,” the company created a cybersecurity plan to reduce the surface area of their operational technology (OT) networks and create a more defensible environment.


  • Change security policy and only execute command and control operations from within the OT/plant network boundary
  • Implement a “disconnected” (segmented) cybersecurity architecture to eliminate all remote access to the OT/plant network.
  • Maintain business continuity through remote-only monitoring policies
  • Enable Human Machine Interface (HMI) screen replication at HQ

Use Case | Before


Owl data diodes utilizing patented technology (OPDS-1000) was selected to remove remote access to the OT network and provide effective network segmentation, and deterministic, one-way data transfer out of OT network. Along with OV2S application, this provided remote system monitoring, transfer of operational reports and a means to replicate HMI screens at remote locations.

Use Case | After



Owl Perimeter Defense Solution – 100 (OPDS-100)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer.

Interface Module:

Owl Virtiual ScreenView Service (OV2S)
Software protocol adapter that enables secure replication of HMI screens within a plant or facility to a remote location.


  1. Improved security according to DHS strategies for defending industrial control systems
  2. Removed all inbound communications to OT networks while providing deterministic outbound data flow for monitoring and business continuity
  3. Enabled HMI screen replication for real-time offsite monitoring
  4. Allowed remote access to operations reports and alarms at HQ