Cookie Settings
Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Other cookies are those that are being identified and have not been classified into any category as yet.

No cookies to display.

Water and Wastewater

The Security Risks of Using VPNs in Water and Wastewater Facilities


Water and wastewater facilities have relied on Virtual Private Networks (VPNs) for years. 

But how secure are they, really? 

The short answer is they aren’t. 

The longer answer is that as the number and complexity of security threats continue to increase exponentially, VPNs and other traditional network access tools simply can’t keep up with modern solutions. This should be especially concerning for water and wastewater facilities as critical infrastructure services like these are being increasingly targeted by cyber attacks.

In this article, we’ll help you understand the risks and what to do instead so you can protect your critical infrastructure and the community you serve. 

Security Risks for Water and Wastewater: Why VPNs Leave You Open to Cyber Attacks

VPNs leave your water and wastewater facilities vulnerable to cyber threats for several reasons: 

Insufficient Access Control

VPNs allow remote access to the facility’s entire network, which can be convenient for remote monitoring and maintenance tasks. However, if unauthorized individuals gain entry to the network, they could potentially control or manipulate your critical water networks. 

Inadequate Security

VPNs often rely on poorly configured and outdated encryption protocols to protect data transmitted over the network. This can create significant security vulnerabilities and potentially expose sensitive data or allow malicious actors to intercept and manipulate network traffic.

Vulnerable to Insider Threats

VPNs can also inadvertently provide an opening for insider threats. Malicious insiders, such as disgruntled employees or contractors, can abuse their access privileges to laterally traverse your network and sabotage or compromise critical infrastructure systems.

Lack of Network Segmentation

Water and wastewater facilities typically have complex and interconnected networks that include various operational technology (OT) systems. A VPN may not have the secure segmentation needed to prevent unauthorized access to critical systems via the VPN. 

Dos and Don’ts

  • Don’t overlook VPN software vulnerabilities: Stay informed about potential vulnerabilities and exploits related to the VPN software you are using. Regularly check for updates and security patches released by the vendor, and promptly apply them to protect against known vulnerabilities.
  • Don’t rely on VPNs for security: Better yet, don’t use a VPN at all! While VPNs are often used in water and wastewater facilities to provide an additional layer of security, they aren’t an effective modern solution. 
  • Do leverage Zero Trust instead: Instead, switch from a perimeter-based (firewall and VPN) model of access to a user-to-resource model through Zero Trust. It’s simpler and more secure. 
  • Do Enforce Strict Access Controls: Implement granular access controls to ensure that only authorized individuals can connect to your network. Regularly review and update access privileges to prevent unauthorized access and regularly revoke access for employees or contractors who no longer require connectivity. 
  • Do implement strong authentication: Ensure that strong authentication mechanisms (like multi-factor authentication) are leveraged as much as possible to verify the identities of users attempting to access your network. This adds an extra layer of security and helps prevent unauthorized access. 

Transition Your Water and Wastewater Facilities to a Zero Trust Architecture with Agilicus

Now that you know the risks and the best practices, how do you transition to a Zero Trust architecture?

Well, with Agilicus, you can leverage Zero Trust to deploy a robust, seamless solution in just one hour with no disruption to your operations and no VPN. 

Here’s How We Do It: 

Agilicus grants access to specific resources based on stringent authentication and authorization principles, rather than allowing broad access to your entire network (like a VPN would). This significantly reduces the damage a cyber attacker can do once they’re inside your network and eliminates the risks associated with lateral traversal entirely. 

We also make it easy to proactively defend your critical infrastructure too by enforcing multi-factor authentication, eliminating shared credentials, (which we discussed in more depth in part one of this series), and providing comprehensive visibility into the network. This allows your IT team to detect and respond to potential threats promptly. 

Finally, Agilicus gives your remote workers and third-party vendors secure access to only the resources they need to do their work. This restricts them from accessing the rest of your network, further securing your systems. We also allow you to enforce strong security measures on their third-party devices to prevent anything from being introduced to your network. 

Discover the Agilicus Difference

Learn more about how Agilicus can help you implement a Zero Trust Architecture here. Or, check out this case study to learn how we helped a municipality secure its water treatment facility’s operational technology.