OT/IT convergence creates unique vulnerabilities in water infrastructure. We test your ability to detect, isolate, and recover from attacks that threaten service delivery and public safety.
Purpose-built exercises for utilities managing SCADA systems, treatment processes, and distribution networks — where a cyber incident means more than data loss.
Average reduction in incident detection-to-containment time
Of identified SCADA access control gaps remediated within 60 days
Improvement in cross-department coordination response
From first exercise to board-ready resilience documentation
Why water & wastewater utilities are investing in structured exercise programs.
SCADA, HMI, and treatment control systems increasingly share network infrastructure with corporate IT — but incident response plans rarely address both domains. An attacker who compromises email can reach PLCs.
Water utilities are actively targeted by state-sponsored actors (Volt Typhoon, CyberAv3ngers) and hacktivists. These aren't theoretical threats — they're documented intrusions at utilities in the US.
EPA cybersecurity requirements are expanding, state regulators are increasing expectations, and CISA is publishing advisories — but most utilities lack the internal expertise to translate guidance into operational readiness.
Many water utilities operate with 1-3 IT staff and limited cybersecurity expertise. Remote access for SCADA maintenance, vendor connections, and legacy systems create an attack surface that exceeds available resources.
Real adversary tactics we test against in every engagement.
Unauthorized access to supervisory control systems — changing treatment chemical levels, manipulating pressure settings, or disabling monitoring. Tested with realistic OT attack scenarios.
Ransomware that moves from IT to OT networks, encrypting historian data, disabling remote access, or impacting SCADA visibility. Tests your isolation decisions under time pressure.
Compromised vendor remote access, malicious firmware updates, or poisoned software supply chains targeting utility-specific systems and integrators.
Misuse of legitimate access by employees or contractors — shared credentials, excessive OT access privileges, and lack of monitoring on critical system changes.
Subtle manipulation of sensor data, historian records, or compliance reporting — attacks designed to go undetected while undermining operational trust and regulatory compliance.
Scenarios that test decision-making when cyber incidents threaten water service delivery — boil water advisories, treatment interruptions, and multi-agency emergency coordination.
Custom-designed for water & wastewater utility environments. Every scenario is MITRE ATT&CK-mapped.
Nation-state actor compromises remote access VPN and reaches SCADA HMI — treatment chemical dosing is altered
Ransomware propagates from business network to OT historian and engineering workstations
Compromised vendor laptop introduces malware during routine SCADA maintenance
Hacktivist group claims to have accessed treatment controls — media picks up the story before you can verify
Insider with legitimate access modifies PLC logic to disable chlorination alerts
Coordinated attack disrupts water service during extreme heat event — multi-agency response required
Data integrity attack manipulates flow sensor data, leading to incorrect compliance reporting
Phishing campaign targets utility staff with fake regulatory compliance portal
We understand OT/IT convergence — our scenarios test real SCADA, HMI, and PLC decision points, not just IT network incidents
Exercise scenarios built from actual adversary campaigns targeting the water sector (CISA advisories, FBI alerts)
Deliverables map directly to EPA cybersecurity expectations and state regulatory requirements
We test the decisions that matter: when to isolate OT, how to notify the public, when to activate mutual aid
Small-team friendly — exercises designed for utilities with limited cybersecurity staff
After-Action Reports include specific remediation steps prioritized for water utility budgets and operational constraints
Experience across municipal water, regional authorities, and wastewater treatment facilities
Framework alignment (NIST 800-82, AWWA) that satisfies board governance and insurance requirements
Start where your organization is. Build from there.
First structured exercise with full capability assessment.
Maturity scoring, playbook recommendations, executive accountability.
Full-day executive crisis simulation with remediation roadmap.
A 30-minute scoping call is all it takes. We'll learn your environment and design an exercise that builds real operational readiness.