Midland Texas Transforms Water Purification Cyber Security With Agilicus AnyX

Executive Summary

The City of Midland, Texas, faced significant challenges in managing the security and efficiency of its water purification and production systems. The use of a Supervisory Control and Data Acquisition (SCADA) system introduced vulnerabilities and potential attack surfaces, particularly with remote access and system control. To address these issues, Midland turned to Agilicus for a tailored Zero Trust platform.

Agilicus AnyX, with its robust Zero Trust Network Access product, provided Midland with a secure and scalable solution, addressing unauthorized access, regulatory compliance, and system management inefficiencies. Key features such as multi-factor authentication, role-based access controls, and continuous monitoring were integral to this solution.

Beyond meeting The City of Midland’s requirements, Agilicus AnyX ensured compliance with the latest Zero Trust architecture standards, protecting operations from evolving cyber threats and aligning with industry guidelines like NIST SP 800-82 and ISA/IEC 62443. With minimal training requirements, and no new client installations, the Agilicus AnyX solution was easy to integrate into Midland’s existing environment without disrupting operations during implementation. 

The positive impact on Midland’s operations was substantial:

  • 95% reduction in unauthorized access attempts
  • >30% improvement in system up-time and operational reliability resulting in reduced mean-time-to-repair
  • Enhanced granular control over system access and regulatory compliance

Superintendent Raymond Saddler praised the transformation, noting that the solution not only enhanced security but also significantly improved operational efficiency. With Agilicus, Midland now has a secure, compliant, and efficient water purification system, serving as an exemplary model for municipalities across the country.

This case study demonstrates the transformative potential of Agilicus AnyX in securing critical infrastructure, ensuring regulatory compliance, and streamlining operations. It serves as a compelling real-world example for other water purification and production facilities looking for a robust and user-friendly cyber security solution.

Introduction

The City of Midland, TX, is committed to providing excellent services to its residents. With this goal in mind, managing cyber security and remote access for its water purification and production systems has been a major challenge. The use of a SCADA system, while necessary for monitoring and controlling operations, introduced the possibility of critical vulnerabilities. Unauthorized access to the systems posed a significant risk to water quality as well as public health. Compliance with emerging Zero Trust architecture mandates was sought to avoid severe regulatory penalties. Additionally, the departure of the previous service provider left Midland with an unclear system setup, exacerbating security risks and operational inefficiencies.

Midland faced immediate and pressing challenges, including regaining administrative control over system access, ensuring regulatory compliance, clarifying system setup, and simplifying system management. The city’s operational continuity and the well-being of its residents were at stake, requiring a robust and reliable solution. 

To address these challenges, Midland turned to Agilicus for an effective solution. AnyX, the Zero Trust platform offered by Agilicus, met Midland’s key requirements, including identity-based secure remote access, precise control, vendor access management, and streamlined operations. This case study explores Midland’s experience, the difficulties faced, the solutions implemented, and the positive results achieved.

About Midland, Texas

Midland, Texas, situated in the heart of the Permian Basin, is known for its significant contributions to the oil and gas industry. The city has a population of approximately 140,000 residents and serves as a key hub for energy production. In addition to its energy sector, Midland boasts a diverse economy that includes healthcare, education, and manufacturing industries.

The Midland Water Purification Plant, located in Midland, Texas, is responsible for purifying and distributing water to the city. Utilizing a SCADA system, the plant ensures the delivery of clean and safe water to residents. Superintendent Raymond Saddler oversees the plant’s operations, with a focus on maintaining system security and operational efficiency.

Challenges and Goals

Challenges

  1. Lack of oversight on system access: Midland faced challenges in controlling and monitoring system access, resulting in major security threats as unauthorized entry could lead to breaches, operational disruptions, and compromised water quality.
  2. Compliance with upcoming regulations: The plant needed to comply with upcoming Zero Trust architecture mandates. This required a solution that could guarantee compliance and enhance security, preserving the integrity of the water purification process and preventing potential legal and financial consequences.
  3. Unclear system setup: The previous service provider departed, leaving Midland without a full understanding of its system’s setup. This resulted in vulnerabilities and operational inefficiencies, making it difficult to effectively manage and secure the system.
  4. Ease of implementation and management: Midland required a solution that was easy and swift to implement and manage without extensive training or new client software installations. The team needed a user-friendly solution that could be seamlessly integrated into their current operations, leveraging their current identities without causing major disruptions.

Goals

  1. Regain control over system access: implement a solution that allows for precise control over system access, increasing security and operational supervision. This objective was to prevent unauthorized entry and restrict critical system interaction to qualified personnel only while maintaining a security Principle of Least Privilege.
  2. Ensure compliance with zero trust architecture: adopt a solution that strengthens the plant’s security framework and protects it from evolving cyber threats and regulatory challenges, ensuring that the plant is secure and future-proof.
  3. Clarify system setup: achieve a clear understanding and streamlined management of the plant’s SCADA system to improve reliability and minimize operational disruptions, reducing security risks and operational inefficiencies.
  4. Simplify implementation and management: deploy a solution that is simple to implement and manage, minimizing the need for extensive training and additional resources. This goal is crucial for ensuring a smooth transition and allowing the team to focus on their core responsibilities.

Agilicus AnyX

Agilicus AnyX provided a comprehensive and robust solution tailored to Midland’s unique needs, addressing their key challenges and goals with precision and effectiveness.

Enhanced Control Over System Access

Agilicus AnyX was key in helping Midland regain control over their water purification and production system. The solution implemented detailed and granular access controls leveraging existing staff and vendor credentials, allowing the plant to specify who could access the system, what parts they could access, and when they could do so. This was achieved through a combination of multi-factor authentication and role-based access controls. 

By using multi-factor authentication, Midland ensured that every access attempt was verified through multiple authentication steps, significantly reducing the risk of unauthorized access. Role-based access controls enabled the plant to assign specific permissions to different users based on their roles, ensuring that each user only had access to the resources necessary for their job functions.

Zero Trust Architecture Compliance

Agilicus AnyX was designed with Zero Trust principles at its core, ensuring that Midland’s operations could comply with the latest cyber security mandates. The platform enforced a least-privilege access model, meaning users were granted the minimum level of access necessary for their tasks. This approach minimized the potential attack surface and prevented lateral movement within the network. 

The solution also included advanced security features such as network segmentation, continuous monitoring, and automated threat detection, aligning with industry standards like NIST SP 800-82 and ISA/IEC 62443. These measures ensured that Midland’s water purification system was protected against evolving cyber threats and met all regulatory requirements.

Clear and Manageable System Setup

A critical issue Midland faced was the unclear system setup left by the previous service provider. Agilicus collaborated closely with Midland to gain a thorough understanding of their SCADA system and streamline its management. The solution provided a complete and transparent overview of the system’s architecture, including detailed documentation and visual representations of the network topology and layout. This clarity enabled Midland’s team to manage the system more effectively, reducing operational disruptions and security risks.

Ease of Implementation and Management

Agilicus AnyX was designed to be user-friendly and straightforward to implement. The deployment process required minimal training and did not necessitate new client installations, which minimized disruptions to Midland’s operations. The solution featured a centralized management system that allowed administrators to monitor and control all access points from a single interface. This centralized approach simplified the management of user permissions, access logs, and audit trails, ensuring comprehensive oversight and regulatory compliance.

Specific Use Cases

Secure Remote Access Protocols

Midland needed a secure way to remotely access their water treatment plant operations without relying on traditional solutions like TeamViewer, which no longer met their security requirements. Agilicus AnyX provided a secure and streamlined remote access solution for their automation systems and Human-Machine Interface (HMI) panels, such as GE iFIX®.

Agilicus AnyX enabled secure remote access through its robust Zero Trust Network Access framework, ensuring that all connections were authenticated and authorized before granting access. This was accomplished without the need for a VPN, which often introduces vulnerabilities. Instead, Agilicus AnyX utilized a secure, browser-based access method that allowed operators to monitor and control the system from any location while maintaining stringent security measures.

The solution supported a variety of remote access protocols, including VNC, RDP, SSH, and HTTPS, enabling seamless and secure interaction with operational technology assets. By leveraging these protocols, Midland’s team could perform remote maintenance and management tasks efficiently and securely. This capability was crucial for responding to issues in real time and ensuring continuous operation without the need for physical presence.

Additionally, the implementation of secure remote access protocols provided by Agilicus AnyX included multi-factor authentication and detailed session logging. Multi-factor authentication added an extra layer of security, ensuring that only verified users could access critical systems. Detailed session audit logs provided comprehensive oversight, allowing Midland to monitor remote access activities, detect any anomalies, and ensure compliance with regulatory requirements.

By adopting Agilicus AnyX, Midland significantly enhanced the security and efficiency of their remote access capabilities. The solution allowed the team to maintain operational control from anywhere, ensuring that the water purification and production systems remained secure and functional at all times.

Granular Control Over System Access

Agilicus AnyX provided Midland with granular control over system access, ensuring that only authorized personnel could interact with critical systems. This was achieved through a combination of multi-factor authentication and role-based access controls. Multi-factor authentication required users to verify their identity through multiple authentication steps, significantly reducing the risk of unauthorized access. Role-based access controls allowed the plant to assign specific permissions to different users based on their roles, ensuring that each user only had access to the resources necessary for their job functions.

For instance, operators could fully access operational dashboards and control systems, while vendors (using their existing corporate identities) were granted defined access to specific areas necessary for maintenance tasks. This approach minimized the potential attack surface and prevented lateral movement within the network. Detailed access controls allowed Midland to enable different access levels for individual users, ensuring that each individual had the appropriate and sufficient level of permission for their role. This level of control (based on the Principle of Least Privilege) was critical in maintaining the security integrity of the water systems, providing a clear audit trail for all access activities and ensuring compliance with regulatory requirements.

By implementing these detailed access controls, the plant reported a significant reduction in unauthorized access attempts, demonstrating the effectiveness of the new system in safeguarding critical infrastructure.

Vendor Access Management

Agilicus provided a robust solution for managing vendor access, which was critical for maintaining the security integrity of Midland’s water systems. Traditionally, vendor access introduced significant risks due to broad network privileges, insufficient monitoring, and credential recycling. Agilicus AnyX addressed these risks by implementing a secure, controlled access framework specifically designed for third-party interactions.

The solution included automated permission protocols that ensured vendor access was granted only when necessary and for specific tasks. Vendors were authenticated using multi-factor authentication, adding an extra layer of security and ensuring that only verified individuals could access the system. Role-based access controls further restricted vendor interactions to the minimum necessary permissions, reducing the potential attack surface and preventing unauthorized access to sensitive areas of the network.

Agilicus AnyX provided a centralized management system that allowed Midland to monitor and manage vendor access in real time. Administrators could easily set up, modify, and revoke access permissions through a user-friendly interface. This capability ensured that vendor access was closely monitored and tightly controlled, with detailed logs and audit trails available for all access activities.

Additionally, the solution supported both scheduled and on-demand access, allowing vendors to connect to the system only during predetermined times. This scheduling feature further minimized the risk of unauthorized access outside of designated maintenance windows. Protocol restrictions ensured that vendors could only use specific, secure protocols like SSH, RDP, or HTTPS, while re-issuing multi-factor authentication requests, further enhancing the security of remote interactions.
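
The vendor access rules described above (per-vendor grants, allowed protocols, maintenance windows, and re-issued multi-factor authentication, with every attempt logged) can be sketched as a default-deny policy check. This is an added example, not Agilicus code or the AnyX API; the grant model, all names, and the sample data are hypothetical, and timestamps are assumed to share one time zone.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class VendorGrant:
    """One least-privilege grant: who, which asset, how, and when."""
    identity: str            # federated identity of the vendor user
    resource: str            # single asset, never a whole network
    protocols: frozenset     # protocols permitted for this grant
    weekdays: frozenset      # 0 = Monday ... 6 = Sunday
    start: time              # maintenance window start (inclusive)
    end: time                # maintenance window end (exclusive)
    mfa_max_age: timedelta   # how recent the last MFA challenge must be


@dataclass(frozen=True)
class AccessRequest:
    identity: str
    resource: str
    protocol: str
    when: datetime
    mfa_at: Optional[datetime]   # time of last successful MFA, if any


def _evaluate(grants: List[VendorGrant], req: AccessRequest) -> str:
    # Default deny: no matching grant means no access.
    grant = next((g for g in grants
                  if g.identity == req.identity and g.resource == req.resource),
                 None)
    if grant is None:
        return "no-grant"
    if req.protocol not in grant.protocols:
        return "protocol-not-allowed"
    in_window = (req.when.weekday() in grant.weekdays
                 and grant.start <= req.when.time() < grant.end)
    if not in_window:
        return "outside-window"
    # A missing, stale, or future-dated MFA timestamp forces a new challenge.
    fresh = (req.mfa_at is not None
             and timedelta(0) <= req.when - req.mfa_at <= grant.mfa_max_age)
    if not fresh:
        return "mfa-required"
    return "allow"


def decide(grants: List[VendorGrant], req: AccessRequest,
           audit: List[dict]) -> Tuple[bool, str]:
    """Evaluate a request and record it, whether allowed or denied."""
    reason = _evaluate(grants, req)
    audit.append({"when": req.when.isoformat(), "identity": req.identity,
                  "resource": req.resource, "protocol": req.protocol,
                  "decision": reason})
    return reason == "allow", reason


def run_demo() -> Tuple[List[str], List[dict]]:
    # Constructed sample data: one vendor, one HMI, Tuesday 09:00-12:00.
    grants = [VendorGrant("tech@vendor.example", "hmi-panel-1",
                          frozenset({"rdp", "https"}), frozenset({1}),
                          time(9, 0), time(12, 0), timedelta(minutes=15))]
    tue = datetime(2024, 6, 4)   # a Tuesday
    ten = tue.replace(hour=10)
    requests = [
        AccessRequest("tech@vendor.example", "hmi-panel-1", "rdp",
                      ten, ten - timedelta(minutes=10)),
        AccessRequest("tech@vendor.example", "hmi-panel-1", "vnc",
                      ten, ten - timedelta(minutes=10)),
        AccessRequest("tech@vendor.example", "hmi-panel-1", "rdp",
                      tue.replace(hour=13), tue.replace(hour=12, minute=55)),
        AccessRequest("tech@vendor.example", "hmi-panel-1", "rdp",
                      ten, ten - timedelta(hours=1)),
        AccessRequest("unknown@other.example", "hmi-panel-1", "rdp",
                      ten, ten),
    ]
    audit: List[dict] = []
    reasons = [decide(grants, r, audit)[1] for r in requests]
    return reasons, audit


if __name__ == "__main__":
    for entry in run_demo()[1]:
        print(entry)
```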

By implementing Agilicus AnyX for vendor access management, Midland significantly improved the security posture and oversight of third-party interactions. Vendors found the system easier to use, with clear access permissions as well as easy-to-understand authentication processes. This improved collaboration and reduced the time needed for maintenance and support tasks. The comprehensive access controls and detailed monitoring capabilities provided by Agilicus AnyX ensured that Midland’s water purification and production systems remained secure, efficient, and compliant with regulatory requirements.

Centralized Management System

Agilicus AnyX introduced a centralized management system that greatly enhanced how Midland managed access and security for their water purification and production systems. The centralized management system provided a single interface for administrators to monitor and control all access points, significantly simplifying operations and enhancing security oversight.

The system allowed administrators to easily define and enforce access policies across the entire network. Through the intuitive interface, they could assign role-based access controls, set up multi-factor authentication, and manage user and group permissions with precision. This capability ensured that access to critical systems was strictly regulated and only granted to authorized personnel based on their identities, roles and responsibilities.

One key feature of the centralized management system was its comprehensive audit and logging functionality. Every access attempt, whether successful or not, was logged in detail, providing a complete audit trail that could be used for compliance reporting, governance, and security analysis. This detailed logging helped Midland maintain compliance with industry standards like NIST SP 800-82 and ISA/IEC 62443, and provided valuable insights into access patterns and potential security threats.

Additionally, the system facilitated seamless integration with existing identity providers and multi-factor authentication solutions already deployed. This integration allowed Midland to leverage their existing infrastructure for user authentication, reducing complexity and ensuring a consistent security posture across all access points.

The user-friendly design of the centralized management system made it easy for Midland’s team to manage and monitor access without extensive training. The streamlined processes and centralized control improved operational efficiency, allowing the team to focus more on their core responsibilities rather than administrative tasks. The ability to manage all access points from a single interface simplified operations, improved resource allocation, and ensured comprehensive regulatory compliance. This enhanced control and visibility were critical in maintaining the security and reliability of Midland’s water purification and production systems.

Implementation Process

Assessment and Planning

Agilicus assessed Midland’s existing system and identified key areas for improvement. A detailed implementation plan was developed to deploy the solution, with close collaboration with Midland’s team to address their specific needs and challenges.

Deployment

The Agilicus team worked closely with Midland to deploy the solution, including setting up access controls, configuring security measures, and integrating with the plant’s SCADA system. The deployment process minimized disruptions to plant operations for a smooth transition.

Training and Support

Agilicus provided comprehensive training on all aspects of the solution, including access controls, security measures, and centralized management. Ongoing support was also available to address any issues and optimize system performance.

Monitoring and Optimization

Post-deployment, Agilicus continued to monitor the system, providing optimization recommendations and ensuring effectiveness in addressing Midland’s needs. This involved continuous performance monitoring, identifying areas for improvement, and implementing necessary adjustments for enhanced security and efficiency.

Technical Details of the Agilicus AnyX Solution

Network Architecture

Agilicus AnyX utilizes a modern, cloud-centric approach hosted on Google Cloud with a High-Availability Active-Active setup across multiple data centers. This ensures unmatched reliability and availability for organizations of all sizes.

Key Components

  1. Agilicus AnyX Connector: A sophisticated network service that enables secure, TLS-Encrypted-Only connections exclusively to the AnyX Cloud platform through an outbound TCP port (443). The Connector is self-contained with no local system dependencies and uses The Update Framework for self-contained life-cycle management.
  2. Cloud Service: Acts as the central hub for configuration, deployments, management, authentication, authorization, and policy enforcement. It’s designed for high availability and scalability, utilizing global data center partners to optimize performance and reliability.

Data Flow and Security

  • All Agilicus connections use TLS 1.3, ensuring the latest, most efficient and secure encryption.
  • Perfect Forward Secrecy is implemented with robust cipher suites to protect against data interception.
  • Complete management of SSL certificate generation with the world’s largest Certificate Authority as a partner. 
  • Certificate transparency maintains an audit trail for all issued certificates.

Identity and Access Management

Agilicus AnyX integrates with existing identity providers through industry standard protocols such as OpenID Connect, supporting federation with multiple providers. This allows organizations to leverage their existing user databases while implementing strong multi-factor authentication and fine-grained access controls.

Compliance and Standards

The Agilicus AnyX platform aligns with key cyber security standards and frameworks, including:

Obstacles and Solutions

Obstacle 1: Initial Resistance to Change

Some team members were initially resistant to the new system. Agilicus addressed this by making the user experience familiar and easy to use, providing detailed training and demonstrating the benefits of the solution. The training sessions included hands-on demonstrations and real-world examples. This helped the team understand the advantages of the new system and how it would improve their operations.

Obstacle 2: Integration Challenges

Integrating the new solution with the existing SCADA system posed some challenges. The Agilicus technical team worked closely with Midland to ensure seamless integration. This involved configuring Agilicus AnyX to fit the plant’s specific requirements and addressing any compatibility issues. As a result, the integration process was successful, and the new system was seamlessly integrated with the existing one.

Results and Outcomes

Key Outcomes

  1. Improved Control Over System Access: Midland regained complete control over their water purification and production system with the implementation of Agilicus AnyX. Detailed access controls and audits ensured that only authorized personnel could access the system, significantly enhancing security and operational oversight. Unauthorized access attempts dropped by 95%, demonstrating the effectiveness of the new access controls.
  2. Compliance with Zero Trust Architecture: The Agilicus solution ensured that Midland complied with upcoming Zero Trust requirements. This strengthened the plant’s security framework, reducing the risk of breaches and ensuring regulatory compliance. As a result, Midland successfully met all the regulatory requirements it sought, avoiding potential legal and financial repercussions. The plant is now fully aligned with industry standards like NIST SP 800-82 and ISA/IEC 62443.
  3. Clear Understanding of System Setup: Midland achieved a clear understanding of their SCADA system setup, thanks to the comprehensive documentation and system overview provided by Agilicus. This improved management, reduced security risks, and enhanced operational efficiency. The plant’s team reported a better grasp of the system’s architecture and functionality, enabling them to manage it more effectively and respond quickly to any issues.
  4. Ease of Implementation and Management: The Agilicus solution was easy to implement and manage, requiring minimal training and no new clients. This streamlined the transition process and ensured ongoing ease of use. The centralized management system allowed the plant’s team to monitor and control all access points from a single interface, further simplifying operations and enhancing security.

Quantitative Data

  • 90% Improvement in Access Control Management: Detailed logs and audit trails provided comprehensive oversight, ensuring that only authorized personnel could access the system.
  • 100% Compliance with Zero Trust Architecture Requirements: Midland successfully met all regulatory requirements, avoiding potential legal and financial repercussions.
  • 50% Reduction in Time Spent Managing the SCADA System: The streamlined management process allowed the team to focus more on core responsibilities and less on administrative tasks.
  • 95% Reduction in Unauthorized Access Attempts: The implementation of multi-factor authentication and role-based access controls significantly reduced the risk of unauthorized access.
  • 30% Improvement in System Up-time: Enhanced system reliability and reduced operational disruptions led to more consistent and reliable water purification and production. 

Qualitative Insights

Customer Testimonials

Superintendent Raymond Saddler praised the transformation, stating,

Operational Efficiency

The plant’s team reported that the user-friendly interface and centralized management system made daily operations smoother and more efficient. Detailed documentation provided by Agilicus enabled quicker troubleshooting and more effective system management. One team member mentioned, “The intuitive design of the Agilicus platform has drastically reduced the time we spend on administrative tasks, allowing us to focus more on maintaining and improving our water purification processes.”

Vendor Management

Vendors found the new system much easier to use, with clear access permissions and a straightforward authentication process. This improved collaboration and reduced the time needed for maintenance and support tasks. A vendor commented, “The Agilicus system made our job significantly easier. The access controls were clear, and the authentication process was seamless, allowing us to perform our tasks without unnecessary delays.”

Security Assurance

The enhanced security measures, including multi-factor authentication and detailed audit trails, provided Midland with peace of mind. The plant noted,

Future Plans and Scalability

Midland plans to integrate more sites and onboard their vendors onto the Agilicus platform, enhancing maintenance and operational efficiency. Agilicus will continue to support Midland as their needs evolve, ensuring the security, compliance, and efficiency of their water purification and production systems.

Conclusion

The City of Midland, TX, faced challenges in managing its water purification and production systems. Agilicus’ comprehensive solution helped Midland regain control over system access, ensure compliance with Zero Trust architecture, clarify their system setup, and streamline management processes. This resulted in enhanced security, improved operational efficiency, and regulatory compliance.

Potential customers are encouraged to consider Agilicus’ solution, as demonstrated by the success of the City of Midland. Adopting Agilicus’ robust and user-friendly solution can enhance cyber security, streamline operations, and ensure regulatory compliance, ultimately improving service quality and reliability.

Ready To Learn More?

Agilicus AnyX Zero Trust enables any user, on any device, secure connectivity to any resource they need—without a client or VPN. Whether that resource is a web application, a programmable logic controller, or a building management system, Agilicus can secure it with multi-factor authentication while keeping the user experience simple with single sign-on.

info@agilicus.com, +1 519 953-4332

300-87 King St W, Kitchener, ON, Canada. N2G 1A7
