Water

The threat picture

Water is one of the lowest-tolerance sectors for OT incidents. A setpoint change at a treatment plant, an unauthorised PLC command at a pump station, or a tampered sensor reading is not just a service issue — it is a public-health incident.

Water utilities increasingly run cloud-connected SCADA, IIoT-monitored networks, and remote-access pathways for vendors and field crews. Each of those is an entry point.

What xCIRT covers

• Treatment plants — Chemical dosing, filtration control, and the SCADA / HMI layer that operates them.
• Distribution networks — Pump stations, pressure-zone management, and remote-monitoring telemetry.
• Field IoT — Smart meters, leak-detection sensors, and the gateways aggregating them.
• Vendor and contractor access — Remote-support pathways into OT, often the most overlooked exposure.

Where we help

• Water-sector IR playbooks including telemetry tampering, setpoint integrity, and remote-access compromise.
• SOCI / CIRMP readiness sized for water utilities.
• Vendor-access risk reviews for the contractors who routinely touch OT.
• 24/7 retainer engagements with sector-aware responders.

The questions we usually start with

• If a telemetry reading at a treatment plant looked wrong, would your team trust the sensor, the SCADA, or neither — and how fast?
• Which vendors have remote access into your OT today, and what would containment of a compromised vendor look like?
• Is your IR plan written so the public-health team and the SCADA team are on the same page from minute one?