Critical infrastructure: this is how we protect our drinking water

From pump stations to switch cabinets: water boards and water companies often have dozens or even hundreds of field assets. How can all these locations be secured in a reliable, efficient, and sustainable way? In this blog, Richard Mildenberg (Sustainability & Business Development Manager) and Jorden van Driel (Client Team Manager Vitals & Global Services) explain how to smartly secure vital infrastructure.

From healthcare to the electricity grid, from public transport to drinking water supply: these are all examples of our vital infrastructure. In other words, facilities essential for the functioning of our society. At the same time, this vital infrastructure is increasingly vulnerable. Cyber threats have become more frequent in recent decades. Cybercriminals can disrupt society by taking down these essential services.

Water boards and water companies need to ensure that both their physical and digital locations and field assets are well-secured, says Richard Mildenberg. “The complicating factor is that these organizations sometimes have up to 150 locations: offices, treatment plants, pumps, pumping stations, and switch cabinets ‘in the field.’ Securing all of that in an efficient and sustainable way is quite a challenge.”

Strict laws and regulations: BIO framework and NIS2

The Baseline Information Security for Government (BIO)

Moreover, the laws and regulations that semi-governmental organizations must comply with are becoming stricter, adds Jorden van Driel. “As a water board or water company, you must comply with stringent information security frameworks such as the Baseline Information Security for Government (BIO). Additionally, these organizations must prevent malicious actors from gaining access to their locations. This requires securing the required security level to ensure that you can always meet your primary objective: providing clean and safe drinking water.”

NIS2 Directive

The NIS2 legislation and compliance with its guidelines are also crucial for water boards and drinking water companies. Van Driel explains: “This revised and significantly tightened European cybersecurity legislation is specifically designed for organizations in critical sectors, providing stronger protection against digital crimes such as cyberattacks. To comply with the NIS2 guidelines and avoid penalties, organizations must also ensure that their suppliers adhere to the same strict regulations.”

Sustainable Solution for Access Control and Security

The good news, according to Jorden van Driel, is that managing and securing locations is becoming increasingly efficient. “At Nsecure, we use an integrated solution based on access control, identity management, and sustainable locking systems. Our access control system manages all necessary security solutions—from video surveillance to vehicle identification, from biometric security to intercom solutions. We combine this platform with iLOQ’s sustainable locking systems for access control. A major advantage of this solution is that, unlike many other locking systems, it is battery-free: the energy required to unlock a secured lock is generated by the smartphone itself.”

This brings many benefits, adds Richard Mildenberg. “For a long time, a technician dispatched for maintenance first had to go to the headquarters to receive the necessary access rights. They would then be given a (digital) key or access card to unlock the relevant asset—such as a pump, pumping station, or switch cabinet.” Now, this physical step is eliminated, Mildenberg continues. “The technician receives the access rights directly on their phone. Once on-site, the phone sends a minimal electrical pulse to the battery-free lock, which then unlocks. Through the access control platform, you have 24/7 real-time visibility of who is present at which location and when.”

Reducing Maintenance Costs

This solution is also highly sustainable, explains Mildenberg. “The number of transport movements is significantly reduced since technicians can go directly to the relevant field location. And because the locking system is battery-free, there is no need for battery replacements. For organizations with dozens or even hundreds of locations, this results in substantial savings in terms of maintenance and the associated logistics.

Additionally, most software-related issues can now be resolved remotely, which further reduces the need for travel. And last but not least, since this is a cloud-based solution, there is no need to maintain local servers—with their own power and cooling requirements. From a sustainability perspective, this provides significant benefits.”

Comprehensive Access Management for Employees, Contractors, and Subcontractors

For overarching access management—determining who has access to which assets—Nsecure utilizes the in-house developed YIM platform. This Identity Management solution operates above the access control system, explains Van Driel. “YIM, which stands for Your Identity Management, allows you to quickly assign the correct access rights to employees, visitors, and subcontractors working on-site. Once a supplier is registered and accredited—ensuring they have the necessary documents to work on your premises—access rights can be assigned remotely. The respective employee then receives these rights on their phone. At the same time, these access rights are registered in the access control system, enabling the employee to gain access to the site automatically via their phone. This ensures that only authorized personnel can enter your locations and that everyone can work securely and in compliance with regulations.”

Interoperability: Strict Standards

Interoperability is the key to effective security management, explains Mildenberg. “Managing identity and access can be highly complex, especially for organizations with multiple locations. We integrate all access and security systems, ensuring they work together seamlessly, intelligently, and securely. It’s important to note that Nsecure is SOC 2 Type II and ISO 27001 certified, meaning we adhere to the highest standards for information security and privacy.”

The Netherlands has one of the best water supply systems in the world, making it even more crucial to protect it, emphasizes Jorden van Driel. “Securing our vital infrastructure will only become more important in the coming years. With our future-proof solutions for both physical and digital access and security, we are committed to contributing to this goal.”