How Revere Helped a Regional Water Utility Strengthen Their Network Security
Cyberattacks targeting critical infrastructure have grown increasingly frequent and sophisticated in recent years. In March 2024, the White House issued a stark warning about “disabling cyberattacks” on U.S. water systems, highlighting the urgent need to protect these essential services. For water utilities, where operational technology (OT) networks directly impact public safety and service delivery, building resilience against such threats is especially important.
For one regional water utility, the path to a secure and resilient OT network began in 2015 with an in-depth network evaluation by Revere Control Systems. What followed was a years-long process of upgrades and strategic improvements, shaping the utility’s network into a robust, future-proofed system.
The Turning Point
Before 2015, the utility relied on a fragmented approach to managing its network, with in-house IT staff overseeing enterprise systems and a third-party provider supporting networking needs. While this setup worked for day-to-day operations, it lacked the specialized expertise required for operational technology (OT) systems, leaving the utility vulnerable to outages and security risks.
At that time, Revere Control Systems had already been a trusted partner for over a decade, working on controls and instrumentation projects, including support for treatment facility upgrades. However, Revere’s involvement was limited primarily to plant control systems. When problems arose, the utility would often turn to Revere for guidance, even as they relied on their third-party provider for network management.
This approach was tested in 2015 when a misconfigured Ethernet switch installed by the third-party provider caused a plant-wide, network-wide blackout. The outage exposed critical weaknesses in the flat network design, where a single failure could cascade across multiple facilities. Utility leadership was shocked by how something as seemingly minor as an Ethernet switch could bring operations to a standstill, and they knew a more integrated approach was needed. Adding to the urgency was the challenge of aligning with NIST cybersecurity standards, which required significant upgrades. Leadership sought a long-term partner who could bridge the gap between IT and OT while providing the specialized expertise needed to secure their operations.
Why Revere?
Amid these challenges, Revere Control Systems emerged as the natural choice. The utility had worked with Revere for years as their preferred automation solutions provider, and this existing relationship had already demonstrated Revere’s reliability, deep industry knowledge, and commitment to quality.
Revere brought a unique combination of strengths that the utility’s leadership team valued:
- Open Lines of Communication: Revere’s team was highly accessible and responsive, delivering solutions quickly and effectively.
- Boutique-Style Service: Revere had the ability to combine the expertise of a large engineering firm with the personalized attention of a smaller company.
- Unmatched Industry and OT Knowledge: With decades of experience in the water and wastewater sector, Revere was uniquely equipped to tackle the specific challenges of managing and securing OT networks and could self-perform key aspects of the network overhaul.
Most critically, Revere’s ability to bridge the IT/OT gap set them apart. IT staff often lack experience with industrial control systems (ICS), which leads to misaligned priorities and the potential for finger-pointing when things go wrong. Revere’s expertise and full accountability would address these issues and eliminate silos of knowledge that currently existed in the more fragmented approach. In the words of the Utilities Director at the facility:
“We chose Revere as they were the primary integrator for our facilities. Our OT staff was familiar with their team and the work product that Revere has delivered. Generally, IT staff are not familiar with network requirements for an industrial control system and that is a big stumbling block for many organizations. Although it was challenging in many ways, Revere was able to help bridge the gap with our IT staff and help them understand why there was a problem with the way our networks were configured and what needed to be changed in order to bring them up to current standards for an ICS”.
Solutions: Strengthening the Foundation (2017–2019)
Revere’s first step was to address the weaknesses in the utility’s flat network. Following a comprehensive network evaluation in 2015, Revere developed a modernization plan based on the Purdue Model for OT and IT segmentation (See Figure 1).
Key Problems, Solutions, and Results
| Problem | Solution | Outcome/Result |
| Lack of documentation | FEED Study for both Enterprise and Operational Technology Networks | System Design including Network Diagrams |
| Flat network design caused cascading failures | Implemented VLANs for segmentation | Reduced risk of system-wide outages and improved traffic management. |
| Single point of failure in network routing | Installed new Cisco 3850 equipment and reconfigured routing to reduce reliance on the Cisco 3825 | Improved redundancy and eliminated bottlenecks. |
| Outdated hardware | Upgraded to Cisco hardware and Allen Bradley Rockwell Stratix switches | Modernized the infrastructure for better reliability. |
| Gaps between IT and OT systems | Unified OT and IT under Revere’s management | Streamlined operations and improved accountability. |
| Disconnected campuses and slow data transfer | Introduced a fiber optic ring to link campuses | Enabled high-speed, reliable communication across sites. |
| Limited HMI capabilities | Transitioned from GE iFIX to VT SCADA for enhanced HMI software functionality | Improved system control and real-time monitoring. |
| Inefficient control system programming | Leveraged Rockwell Studio 5000 to configure and optimize control systems | Enhanced system functionality and streamlined operations. |
These upgrades, implemented in a phased approach over several years, transformed operations. The new segmented network, introduced early in the process, drastically reduced the risk of cascading failures by introducing physical separation, while subsequent upgrades to gigabit and 10-gigabit connections enabled faster, more reliable data transfer across facilities. Each phase of the project built upon the last, gradually strengthening the utility’s infrastructure and aligning it with modern cybersecurity standards.
This incremental strategy highlights two important lessons. First, the importance of involving OT specialists early in the planning process to avoid costly and disruptive retrofits. The utility faced challenges early on, needing to address vulnerabilities left unaccounted for by their initial IT provider. Second, it shows the value of patience and commitment to the process. “Try not to take shortcuts or cut corners to save a few dollars and keep in mind that it is a long journey,” said the Utilities Director. “The important thing is to have a plan, get started, and stay the course.” “As we separated the IT and OT networks and invested in better and more secure assets and procedures, our OT staff noticed that the number of network errors and amount of downtime was significantly reduced,” he continued. “The increased reliability also led to greater confidence and increased efficiencies with staff.”
A New Era: Cybersecurity Upgrades (2021)
By 2021, network upgrades had significantly strengthened internal operations, but external threats demanded a new level of security. At that time, the 2021 Oldsmar, Florida, cyberattack was fresh in the public consciousness. Though later possibly attributed to human error, it was a high-profile incident where hackers were believed to have gained remote access to a water treatment plant.
Recognizing the risks and the need for stronger external protections, the utility expanded Revere’s role in their digital plant services (DPS), tasking them with securing Level 5 of the Purdue Model (internet-facing systems) and enhancing overall network defenses (see Figure 1).
This marked a turning point in the partnership. Prior to 2021, the utility depended on a third-party IT provider for their internet-facing systems, but with the increasing complexity of cybersecurity threats and the demonstrated value of Revere’s expertise, they transitioned full oversight of both their OT and enterprise networks to Revere.
Key Security Upgrades
- Fortinet Firewalls: Provided threat detection, monitoring, and filtering to prevent unauthorized access and protect internet-facing systems.
- Claroty Cybersecurity Software: Enabled secure remote access (SRA) and real-time continuous threat detection (CTD) of OT systems, delivering alerts for vulnerabilities and threats and improving overall network visibility.
A Decade of Progress
The journey to secure and reliable operations is never truly complete. Reflecting on their facility’s transformation, a member of the leadership team shared:
“From the beginning, it can seem overwhelming to tackle cybersecurity both physically and financially. For us, it didn’t happen overnight but over many years. From the time we started understanding the real need and talking about it to complete implementation was probably about 10 years. I would encourage others to not try to do everything at once. Take time to learn about your utility’s cybersecurity needs and phase the implementation process to make it manageable. Outside vendor help and consultants can be critical to success, but be sure you are engaging with qualified third parties who know industrial control systems as well as IT systems.”
Revere’s partnership with this utility continues to grow, reflecting this steady, phased approach to progress. Currently, Revere is assisting with the expansion of their well field, adding 10 new wells to their network. To support this growth, Revere is upgrading Cisco switches to accommodate increased capacity and extending the existing fiber optic ring that connects the campuses. In addition, Revere is working on implementing dual communication pathways for lift stations, ensuring reliable operations even during storms or unexpected outages. These enhancements will further bolster the utility’s resilience and position their network to handle future challenges effectively.
The transformation of this utility’s network highlights the power of trust, expertise, and a phased approach to modernizing critical infrastructure. Cybersecurity and bridging the IT/OT gap may seem daunting, but with the right partners and a clear plan, it’s entirely achievable.
Ready to start taking steps towards securing your network? Contact Revere today to start a conversation.