Melbourne Water Upgrades to Protect From Cyber-attack
UXC Connect has undertaken a multimillion-dollar security upgrade at Melbourne Water to protect the utility's IT and operational technology (OT) networks from the risk of cyber-attack.
A supervisory control and data acquisition (SCADA) review had recommended that Melbourne Water segregate its corporate and industrial networks, and turned to CSC-owned UXC Connect to help "protect against modern-day threats".
The security and network architectures required security enforcement and general protection while accommodating the productivity needs of mobile and office workers, who required scalable and safe access to cloud services.
UXC Connect isolated and protected SCADA, plant control system, office automation, network management, surveillance, and guest services traffic across the network. UXC has also implemented quality of service and class of service to protect SCADA and closed circuit television network traffic.
The IT provider put in place best-practice security controls to protect the network foundation in accordance with Cisco’s SAFE guidelines, aligned with ISO standards and NIST best practices. This addressed the needs for risk mitigation and enabled flexibility with any modifications required to support the realisation of Melbourne Water’s enterprise architecture infrastructure roadmap.
The IT provider used clustered Cisco ASA firewalls to segregate IT, OT and management networks and provide the foundation for the segregated corporate, SCADA and management architectures.
Riverbed SteelCentral platform was selected as the NetFlow solution to enable advanced monitoring and in-depth visibility into network traffic/patterns. The platform supports vendors such as Cisco, Checkpoint, Citrix, and Microsoft Active directory (AD) integration, which enabled matching of NetFlow data to AD computer and user objects.
Melbourne Water senior project manager Shane Drieberg said: "The key business driver for this project was improved security and increased organisational capability. By UXC thinking outside the square and improving on our original high-level designs, innovative new technology was used to exceed the minimum requirements and position Melbourne water to take better advantage of existing systems."
UXC Connect deployed four new highly-available Windows 2012 R2 domains as well as new virtualisation and physical infrastructure, including Microsoft SCCM 2012 for endpoint device management, a new secure Citrix XenApp farm for application access and administration separation, new VMware ESXi virtualisation infrastructure and new PKI certificate infrastructure.
One of the critical points of the project, according to UXC and Melbourne Water, was the seven-month time frame.
"The most difficult constraint on the project was time. We had a hard deadline of 31 December 2016. The project delivered the desired outcomes two weeks ahead of time," said Drieberg.
“UXC worked well with Melbourne Water and other suppliers to deliver a holistic solution. Delivery had to be completed by 31 December and failure was definitely not an option. When it came to crunch time, UXC pulled all stops to ensure that the solution was delivered on time, to the highest quality standard.”
Read more: CRN