How to Use Network Segmentation to Follow Proposed Regulations Concerning Information Security for Water Suppliers
There is now a proposal for mandatory adjustments in Livsmedelsverket’s regulations on information security for socially important services. This proposal primarily concerns municipal administrations, companies and administrations that own a public water supply system and thus provide public drinking water.
The proposed regulations concern the information security of the systems used. The regulations concern how a basic level of security in the systems is to be achieved by setting requirements for certain security measures. The focus is primarily on risk analyses and how they are to be carried out, as well as the requirements held on such an analysis. The goal is to achieve a basic level of security and that the proposed actions make it predictable how risk management can be carried out in an appropriate way.
When a risk analysis has been carried out, an action plan must be made and documented by the supplier. The supplier must then ensure that the network and information systems used for the supply and distribution of drinking water are logically or physically separated from information systems or networks that are not covered by the corresponding information security requirements.
How do you separate network and information systems?
To ensure the separation of network and information systems, network segmentation can be used. Network segmentation in situations where one-way communication is important, i.e. where information should only go in one direction, is a task that can be solved in an effective way with the help of data diodes. By using a data diode, you can ensure that the transmission is carried out securely. The integrity or confidentiality of the network is protected by the data diode – whichever is more important to protect.
In Advenica's SecuriCDS Data Diode, both the separation and diode function are based on an optical transmitter and receiver. The design guarantees that no data can pass in the opposite direction. The solution, with its high assurance, protects assets for e.g. players in critical infrastructure and the defence industry.
In situations where information needs to go in two directions, a different type of solution is required for secure network segmentation. A solution that can effectively filter the information and ensure that the organisation's information policy is followed with every transfer is needed.
Advenica's ZoneGuard is a customisable and at the same time simple solution based on allowlisting of information through information policies. The solution ensures that organisations securely and correctly can exchange information between security domains at different levels.
If you want to know more about how data diodes and filtering solutions such as ZoneGuard can be the solution for network segmentation, you are welcome to contact us.