Water and wastewater infrastructure relies on critical assets that form the backbone of public health and environmental safety.
Standard network-centric security cannot guide operators through the physical chaos of an evolving, multi-stage cyberattack.
SIGA provides an uncompromised source of truth and automated playbooks that deliver step-by-step incident response based on real-world process data.
SIGA monitors raw electrical signals at Level 0 to provide an unfiltered view of the physical process.
By analyzing data directly from the source, it identifies malicious manipulation of PLC logic or sensor values – including false data injections – even when the HMI is spoofed.
CHEMICAL DOSING MANIPULATION
Altering the chemical dosing process, changing disinfectant levels
Excess or insufficient chemical dosing leads to unsafe water supply
Public health is jeopardized, with potential widespread waterborne illnesses and environmental damage
The solution suite provides the earliest alerts during the expression phase of an evolving OT cyber-attack.
It supports the entire Incident Response process by offering process attack simulation for team preparation, real-time threat detection and classification, and critical decision support for containment and recovery.
Our comprehensive, multi-level OT cybersecurity suite comprises three standalone cybersecurity solutions:
The physical foundation. An out-of-band hardware sensor that captures raw electrical signals to establish uncompromised "Physical Truth".
The analytical engine. Advanced software that correlates Level 0-4 data to identify False Data Injection and stealth attacks in real-time.
A simulator that safely injects software-based anomalies to train teams on real attack patterns without risking live equipment.
Detects physical impact during the exploitation phase, before processes are compromised.
Distinguishes genuine cyber incidents from operational faults using physical validation.
Provides the forensic evidence needed for NERC, NIS2, and CIRCIA reporting.
Fully non-intrusive, out-of-band architecture with no impact on live equipment.
Water and wastewater infrastructure operates under increasing federal and international cybersecurity obligations. SIGA provides verifiable, process-level monitoring that supports compliance and risk mitigation under the following frameworks:
A guidance-based initiative supporting water and wastewater utilities in strengthening OT cybersecurity. While the Program itself is not mandatory, Community Water Systems serving over 3,300 people are required under SDWA Section 1433 (AWIA 2018) to conduct Risk and Resilience Assessments (RRAs) and maintain Emergency Response Plans (ERPs). Process-level visibility supports identification of OT vulnerabilities and incident response planning.
Applies to covered critical infrastructure entities, including qualifying water and wastewater utilities. Requires reporting significant cybersecurity incidents within 72 hours and ransomware payments within 24 hours, increasing the need for timely detection across OT environments.
Provides a comprehensive framework for securing Industrial Automation and Control Systems, including sensors and actuators that directly control physical processes. Protecting Level 0 assets is essential to maintaining system safety and operational reliability.
Most water and wastewater utilities rely on legacy assets with architectural vulnerabilities that cannot be remediated via software updates. These systems often lack native security controls or the capability to validate command integrity. The assumption that any command received via the network is legitimate creates a permanent risk where an attacker can engage in unauthorized logic modification or data spoofing (such as altering chemical dosing or pump speeds) that remains invisible to traditional, signature-based monitoring tools.
SIGA addresses these inherent vulnerabilities by shifting the point of observation to Level 0 of the Purdue Model. Raw electrical signals (I/O) are monitored directly from the physical equipment, such as sedimentation tank pumps or chemical dosing valves.
This creates an out-of-band "source of truth" - unfiltered data that remains trustworthy even if the higher-level supervisory networks are compromised. By applying machine learning to these signals, deviations are detected in real-time, allowing for the verification of process integrity even if the HMI or PLC is blinded.
SigaML² provides high-certainty alerts by validating system-reported values against raw electrical signals captured directly from the physical equipment. By analyzing data at Level 0, the system maintains a reliable baseline that remains trustworthy regardless of the state of the upper network layers.
By identifying discrepancies between the process-level data and the upper-level reports during the expression phase, the system differentiates between legitimate operational events - such as a pump failure - and OT cybersecurity incidents like False Data Injection. This high-resolution visibility enables the classification of an event as an operational fault or a cyber breach, ensuring that threats designed to mimic routine failures, such as unauthorized valve actuation, are exposed.
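The cross-check described above, written out as an added example; it is not SIGA's code or algorithm. It assumes a 4-20 mA chlorine residual transmitter scaled to 0-5 mg/L, and every name, threshold and sample reading in it is constructed for illustration.

```python
from dataclasses import dataclass

# Every name, range and threshold here is an assumption made for this example.
SPAN_MA = (4.0, 20.0)      # live range of a 4-20 mA current loop
LOOP_OK_MA = (3.6, 21.0)   # outside this band the loop itself is treated as faulty
RANGE = (0.0, 5.0)         # transmitter scaling: chlorine residual, mg/L
SAFE = (0.2, 4.0)          # assumed acceptable residual band, mg/L
TOLERANCE = 0.15           # allowed gap between Level 0 and reported value, mg/L
PERSIST = 3                # consecutive samples required before alerting

@dataclass
class Sample:
    t: int            # seconds since start
    loop_ma: float    # raw loop current measured out-of-band at Level 0
    reported: float   # value shown by the HMI/SCADA layer, mg/L

def ma_to_units(ma: float) -> float:
    """Linear 4-20 mA scaling to engineering units."""
    frac = (ma - SPAN_MA[0]) / (SPAN_MA[1] - SPAN_MA[0])
    return RANGE[0] + frac * (RANGE[1] - RANGE[0])

def classify(s: Sample) -> str:
    """Compare what the wire says with what the upper layers report."""
    if not LOOP_OK_MA[0] <= s.loop_ma <= LOOP_OK_MA[1]:
        return "sensor_fault"            # broken or shorted loop
    physical = ma_to_units(s.loop_ma)
    if abs(physical - s.reported) > TOLERANCE:
        return "report_mismatch"         # reports disagree with the physics
    if not SAFE[0] <= physical <= SAFE[1]:
        return "process_deviation"       # both layers see the same abnormal value
    return "normal"

def alerts(samples: list[Sample]) -> list[tuple[int, str]]:
    """Emit (time, state) once a non-normal state has lasted PERSIST samples."""
    out, run_state, run_len = [], "normal", 0
    for s in samples:
        state = classify(s)
        run_len = run_len + 1 if state == run_state else 1
        run_state = state
        if state != "normal" and run_len == PERSIST:
            out.append((s.t, state))
    return out

# Constructed data: residual climbs to 4.5 mg/L while the HMI keeps showing 1.0.
SPOOFED = [Sample(t, 7.2 if t < 2 else 18.4, 1.0) for t in range(6)]
# Constructed data: dosing pump stops; the wire and the HMI both show 0.1 mg/L.
PUMP_FAULT = [Sample(t, 7.2, 1.0) if t < 1 else Sample(t, 4.32, 0.1) for t in range(5)]
```

A `report_mismatch` is the candidate False Data Injection case, while a `process_deviation` is an abnormal condition that the upper layers report honestly, such as the pump failure mentioned above.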
No. To achieve comprehensive process visibility and situational awareness, only a strategic subset of critical signals (typically just 3–10% of total I/O) needs to be monitored. This focused approach ensures the protection of high-impact assets, such as main pumps, emergency shutoff valves, and chemical dosing systems, maintaining a robust security posture without excessive data overhead.