NIS Directive for the Water and Sewage Industry
The NIS2 Directive focuses on information and IT security issues within the infrastructure of water and sewage networks. Many municipalities use diverse technological solutions to ensure effective communication between stations. These solutions range from fiber optics and copper networks to city networks, radio links, radio modems, and public mobile networks, and they cannot be quickly or easily replaced.
Replacing all existing technology hastily with new systems can be premature and costly. This article delves into wireless connection technologies and how they can be securely integrated with existing infrastructure. Building IoT systems that comply with the NIS2 Directive, utilizing LoRaWAN and cellular technology, requires careful planning and the strategic implementation of security measures. To guide municipalities in enhancing their infrastructure security, here are five critical recommendations for meeting the requirements of the NIS2 Directive:
Risk Assessment and Vulnerability Analysis:
- Start with a comprehensive risk assessment to identify potential threats and vulnerabilities in your IoT system.
- Evaluate the consequences of various threats and vulnerabilities and rank them based on their impact on system function and security.
Secure Communication:
- Use encrypted protocols to secure communications over both LoRaWAN and cellular links.
- Implement mechanisms to authenticate devices and ensure only authorized devices can connect to your system.
Update and Patch Management:
- Establish a robust process for managing software updates and security patches.
- Ensure that devices can be easily updated over LoRaWAN and cellular connections to address known vulnerabilities quickly.
Access Control and Monitoring:
- Implement strong access controls so that only authorized users and devices can reach the system and its data.
- Implement comprehensive monitoring and logging to detect unauthorized activity and incidents in real-time.
Collaboration with Third Parties:
- Collaborate with IoT service providers and network operators who comply with the security requirements of the NIS2 Directive.
- Ensure that your collaboration with other parties adheres to security principles and that their products and services are secure.
By carefully planning and implementing these measures, you can build IoT systems that communicate via LoRaWAN and cellular technology while adhering to the NIS2 Directive, ensuring a high level of cybersecurity and protecting your business from potential threats and incidents.
Building a NIS2-Certified Network in IoT:
A combination of appropriate equipment and technologies is required to build a NIS2-certified IoT network using LoRaWAN and cellular technology. Here are some specific suggestions:
IoT Devices:
- Use IoT devices that are compatible with both LoRaWAN and cellular networks. These devices should be equipped with security features for authentication and encryption.
LoRaWAN Gateways:
- Install LoRaWAN gateways that can connect your IoT devices to the LoRaWAN network. Ensure that the gateways have built-in security features and can handle data encryption.
Cellular Modules:
- Use cellular modules or routers that support secure connections over 4G or 5G and have built-in firewalls and security protocols.
Security Protocols:
- Implement security protocols like TLS (Transport Layer Security) for secure communication over cellular networks. For LoRaWAN, use AES encryption for data.
Security Certificates:
- Issue security certificates for all devices in the network and use strong authentication to ensure that only authorized devices can connect.
Security Audits:
- Review and test the network regularly for vulnerabilities and security issues. Use vulnerability scanning and penetration testing to identify and address potential threats.
Update Systems:
- Create a robust process for updating and patching the devices in the network. Automate the update process when possible.
Monitoring Systems:
- Implement a real-time monitoring system that can track traffic and activity in the network. Use SIEM (Security Information and Event Management) to detect and manage security incidents.
Collaboration with Service Providers:
- Work with reliable IoT service providers and network operators who follow the security requirements of the NIS2 Directive.
Security Documentation:
- Document the network’s security policy and procedures to comply with the NIS2 Directive. This includes managing incidents and reporting requirements.
Using this equipment and these technologies, and following best practices for cybersecurity and the NIS2 Directive, you can build a secure and NIS2-certified IoT network that meets high standards of security and integrity.
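The Security Protocols and Security Certificates items above call for TLS on the cellular side and a certificate for every device. The Go program below, added here as an example and not taken from any vendor's product, shows the certificate half of that: a private device CA issues short-lived client certificates to field devices, and the check that a TLS or VPN tunnel endpoint performs on connect is that the presented certificate chains to that CA and is marked for client authentication only. The CA name and device identifier are constructed; in a deployment the CA key would live in an HSM or a dedicated signing host, and the TLS handshake itself is handled by the tunnel software using these certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sign creates a certificate from tmpl signed by parent with signer's key
// (parent == tmpl makes it self-signed) and returns the parsed result.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// DevicePKI is a private CA run by the municipality (constructed name) plus
// the verifier that a tunnel endpoint runs on every connecting device.
type DevicePKI struct {
	CA     *x509.Certificate
	caKey  *ecdsa.PrivateKey
	serial int64
}

func NewDevicePKI() *DevicePKI {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Waterworks Device CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	return &DevicePKI{CA: sign(tmpl, tmpl, &key.PublicKey, key), caKey: key, serial: 1}
}

// IssueDevice signs a short-lived client certificate for one field device.
// Restricting it to ClientAuth means a stolen device cert cannot pose as a server.
func (p *DevicePKI) IssueDevice(deviceID string, pub *ecdsa.PublicKey) *x509.Certificate {
	p.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(p.serial),
		Subject:      pkix.Name{CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(0, 3, 0), // renewed through the update process
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return sign(tmpl, p.CA, pub, p.caKey)
}

// VerifyDevice is the check the tunnel endpoint performs on connect: the chain
// must lead to our CA and the certificate must be valid for client auth.
func (p *DevicePKI) VerifyDevice(cert *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(p.CA)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", err
	}
	return cert.Subject.CommonName, nil
}

func main() {
	pki := NewDevicePKI()
	devKey := newKey()
	id, err := pki.VerifyDevice(pki.IssueDevice("pumpstation-07-plc", &devKey.PublicKey))
	fmt.Println("device from our CA:", id, err)
	// Same device name and key, but signed by a CA we do not trust: refused.
	_, err = pki.VerifyDevice(NewDevicePKI().IssueDevice("pumpstation-07-plc", &devKey.PublicKey))
	fmt.Println("device from unknown CA:", err)
}
```

The second call in main is the case that matters operationally: a well-formed certificate with the right device name is still rejected because it does not chain to the municipality's own CA, which is what stops an arbitrary device from joining the tunnel even if it presents a plausible identity.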
Wireless Technology in General
The first step is to determine whether your communication link offers an encrypted connection. In most modern wireless networks the traffic is encrypted; this covers technologies such as 4G, 5G, radio links, and radio modems. Encrypted solutions within all of these technologies are now considered secure. If you have an older network that is not encrypted, you essentially meet the requirement for separation, but your network may still be vulnerable. If you have one of our older radio modem networks, you can replace all hardware with newer encrypted models without changing anything else in your infrastructure.
Data Encryption:
Once you have verified that your technology encrypts traffic over the air, do not blindly trust it: make sure that network traffic over the entire link is encrypted and logically separated from other traffic. This is achieved with tunnels that create a point-to-point connection between two points in the network. If you are not using a network but one of the older serial interfaces such as RS232 or RS485, you have a challenge, but it can be worked around. For example, radio modems for private radio networks have an encrypted connection and therefore encrypt the data. Otherwise, you would need to go through a router that converts the serial traffic into network packets, such as IP traffic, which is then encrypted and sent through a tunnel over a network connection. The data can then be decrypted at the other end.
Physical Protection:
Many network connections in the field are designed so that a computer can be plugged directly into the network port. In such cases, physical security becomes crucial. The focus should not just be on covering unused network ports but on binding your hardware to specific devices, such as a PLC or operational computer. This is achieved by configuring each network node, router, or modem so that only the authorized device can use the network port at each connection point, which creates a more secure connection.
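The Monitoring Systems item earlier asks for real-time monitoring and logging to detect unauthorized activity, and the paragraph above asks for each field port to be bound to one authorized device. The following Go program, added here as an example and not based on any vendor's router logs or SIEM product, applies two simple detections to router log lines of a constructed "<time> <host> <event> key=value" format: a link-up on a port whose recorded MAC does not match the bound device (or on a port with no binding at all), and three failed logins from one source address within five minutes. The bindings, hostnames, MACs and addresses are all constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Constructed log lines in a simple "<RFC3339 time> <host> <event> k=v ..."
// format standing in for a field router's syslog output (not a real vendor format).
var sampleLog = []string{
	"2024-03-04T02:11:05Z rtr-pumpstation-07 link-up port=eth1 mac=00:1b:1c:aa:bb:01",
	"2024-03-04T02:11:40Z rtr-pumpstation-07 auth-fail user=admin src=10.20.7.44",
	"2024-03-04T02:12:02Z rtr-pumpstation-07 auth-fail user=admin src=10.20.7.44",
	"2024-03-04T02:12:30Z rtr-pumpstation-07 auth-fail user=root src=10.20.7.44",
	"2024-03-04T02:15:00Z rtr-pumpstation-07 link-up port=eth1 mac=3c:52:82:12:34:56",
	"2024-03-04T02:16:10Z rtr-pumpstation-07 link-up port=eth2 mac=3c:52:82:12:34:56",
}

type Event struct {
	Time   time.Time
	Host   string
	Kind   string
	Fields map[string]string
}

func parseLine(line string) (Event, error) {
	parts := strings.Fields(line)
	if len(parts) < 3 {
		return Event{}, fmt.Errorf("short line: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, parts[0])
	if err != nil {
		return Event{}, err
	}
	ev := Event{Time: ts, Host: parts[1], Kind: parts[2], Fields: map[string]string{}}
	for _, kv := range parts[3:] {
		if k, v, ok := strings.Cut(kv, "="); ok {
			ev.Fields[k] = v
		}
	}
	return ev, nil
}

type Detector struct {
	Bindings  map[string]string      // "host/port" -> the one MAC allowed there
	Threshold int                    // failed logins per source before alerting
	Window    time.Duration          // sliding window for counting them
	fails     map[string][]time.Time // source -> recent failure timestamps
}

func NewDetector(bindings map[string]string) *Detector {
	return &Detector{Bindings: bindings, Threshold: 3, Window: 5 * time.Minute, fails: map[string][]time.Time{}}
}

// Process consumes one log line and returns any alerts it triggers.
func (d *Detector) Process(line string) []string {
	ev, err := parseLine(line)
	if err != nil {
		return []string{"unparseable log line: " + err.Error()}
	}
	stamp := ev.Time.Format(time.RFC3339)
	switch ev.Kind {
	case "link-up":
		key, mac := ev.Host+"/"+ev.Fields["port"], ev.Fields["mac"]
		want, bound := d.Bindings[key]
		if !bound {
			return []string{fmt.Sprintf("%s link-up on unbound port %s by %s", stamp, key, mac)}
		}
		if !strings.EqualFold(want, mac) {
			return []string{fmt.Sprintf("%s unexpected device %s on %s (bound to %s)", stamp, mac, key, want)}
		}
	case "auth-fail":
		src := ev.Fields["src"]
		recent := d.fails[src][:0] // drop failures outside the window, in place
		for _, t := range d.fails[src] {
			if ev.Time.Sub(t) <= d.Window {
				recent = append(recent, t)
			}
		}
		d.fails[src] = append(recent, ev.Time)
		if len(d.fails[src]) == d.Threshold { // alert once, when the threshold is reached
			return []string{fmt.Sprintf("%s %d failed logins from %s on %s within %s", stamp, d.Threshold, src, ev.Host, d.Window)}
		}
	}
	return nil
}

// Run replays a log through a detector that binds eth1 to the PLC's (constructed) MAC.
func Run(lines []string) []string {
	d := NewDetector(map[string]string{"rtr-pumpstation-07/eth1": "00:1b:1c:aa:bb:01"})
	var alerts []string
	for _, l := range lines {
		alerts = append(alerts, d.Process(l)...)
	}
	return alerts
}
```

Run(sampleLog) yields three alerts: the third failed login from 10.20.7.44, the unknown MAC appearing on the PLC's port eth1, and the same MAC coming up on eth2, which has no binding at all. The last case is deliberate: an unconfigured port is itself a finding, since the paragraph above treats every field port as something that should be bound to exactly one device.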
The Biggest Source of Problems:
Perhaps the most common security problem historically is the users. They, rather than the networks, are traditionally the biggest source of viruses and malware. Malicious code generally enters the networks via a USB drive, a computer that was updated over the Internet, or a user who downloads a file from the Internet and copies it to the computer in question. These are the most common sources of malicious code.
Securing Water and Sewage Networks: Building a Compliant NIS2-Certified IoT Infrastructure
Implementing the NIS Directive within the water and sewage industry necessitates a strategic approach to upgrade and secure infrastructure. By adhering to the outlined recommendations—ranging from comprehensive risk assessments to stringent access controls and proactive collaboration with third-party service providers—municipalities can significantly enhance the security and efficiency of their water and sewage networks. All stakeholders must recognize the importance of these security measures to protect critical infrastructure from emerging threats and vulnerabilities.
These guidelines offer a blueprint for leveraging advanced IoT technologies, ensuring robust cybersecurity measures, and maintaining compliance with the NIS2 Directive. As you create and build your network, remember that each step taken towards enhancing security contributes to constructing a secure, NIS2-certified IoT network that meets rigorous security and integrity standards.