In February 2021, an unidentified attacker remotely accessed the SCADA system of the Oldsmar, Florida water treatment plant and increased sodium hydroxide (lye) levels to 111 times the normal concentration. The attack was detected within minutes by a vigilant operator who reversed the change, but the incident exposed a systemic vulnerability: the vast majority of US water utility SCADA systems were never designed with network-level cybersecurity in mind.
Industrial control systems (ICS) managing water treatment and distribution infrastructure typically rely on protocols — Modbus, DNP3, ICCP — that were developed in the 1970s and 1980s for serial communications between co-located devices. These protocols carry no inherent authentication, no encryption, and no message integrity verification. A device on the same network segment can read or write to a SCADA endpoint simply by transmitting correctly formatted frames.
The threat landscape has transformed fundamentally. State-sponsored APT groups — Volt Typhoon (PRC), Sandworm (Russia), and CyberAv3ngers (Iran-affiliated) — have each demonstrated active intrusion capabilities against US water sector OT networks, according to CISA advisories published between 2021 and 2024. The FBI's March 2024 warning specifically cited water utilities as a primary targeting priority for infrastructure disruption campaigns.
The fundamental problem is the IT/OT convergence gap. Water utilities have increasingly connected legacy SCADA networks to corporate IT networks and, in many cases, to the internet — motivated by remote monitoring convenience, centralised management, and vendor remote access requirements. Without a proper DMZ architecture separating OT and IT networks, this convergence creates attack vectors that exploit IT-side vulnerabilities to reach OT-side control systems.
The Smart Water Platform's SCADA Integration Architecture uses a hardened DMZ model: data flows unidirectionally from OT to IT through a data diode at the network perimeter. SCADA protocols terminate within the OT-side historian, and only time-series data (not control commands) crosses the DMZ. This architecture provides real-time operational intelligence to the IT-side platform while maintaining the physical separation that prevents any IT-side compromise from reaching control systems.
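The monitoring check a defender would want given the two points above (Modbus writes need no authentication on the OT segment, and only read/time-series traffic should cross the DMZ), as an added example that is not the platform's code: it decodes the Modbus/TCP MBAP header and flags write function codes from any host other than an assumed allowlist of engineering workstations. The OT subnet, the allowlist, and the sample frames are constructed assumptions.

```python
import struct
from ipaddress import ip_address, ip_network

# Modbus function codes that change controller state (from the public Modbus spec).
WRITE_FUNCTION_CODES = {
    0x05: "Write Single Coil", 0x06: "Write Single Register",
    0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers",
    0x16: "Mask Write Register", 0x17: "Read/Write Multiple Registers",
}

OT_SUBNET = ip_network("10.10.0.0/16")                 # assumed OT address space
ENGINEERING_WORKSTATIONS = {ip_address("10.10.1.5")}   # assumed hosts allowed to write

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the 7-byte MBAP header and the function code of a Modbus/TCP request.
    Raises ValueError on frames that do not match the framing rules."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(frame) - 6:   # length covers unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction_id": tid, "unit_id": unit,
            "function": frame[7], "data": frame[8:]}

def classify(src_ip: str, frame: bytes) -> str:
    """Verdict for one request observed on the OT segment: 'ALLOW' or 'ALERT: ...'."""
    pdu = parse_modbus_tcp(frame)
    src = ip_address(src_ip)
    if pdu["function"] not in WRITE_FUNCTION_CODES:
        return "ALLOW"   # read-only polling, e.g. the historian collecting time-series data
    name = WRITE_FUNCTION_CODES[pdu["function"]]
    if src not in OT_SUBNET:
        return f"ALERT: {name} from outside OT subnet ({src})"
    if src not in ENGINEERING_WORKSTATIONS:
        return f"ALERT: {name} from non-allowlisted OT host ({src})"
    return "ALLOW"

def audit(traffic):
    """Run classify() over (src_ip, frame) pairs; returns only the alerts."""
    return [(src, classify(src, frame)) for src, frame in traffic
            if classify(src, frame) != "ALLOW"]

# Constructed sample traffic, not captured from any real plant.
SAMPLE_TRAFFIC = [
    ("10.10.2.20",   bytes.fromhex("00010000000601030000000A")),  # read 10 holding registers
    ("10.10.1.5",    bytes.fromhex("000200000006010600100064")),  # write from engineering workstation
    ("192.168.50.7", bytes.fromhex("000300000006010600100064")),  # write from an IT-side host
]
```

The same check can run on a span port feed of the OT segment or on the historian's inbound queue, where any write function code at all is a policy violation.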
