Safeguarding Your Water System with a Multi-Pronged Approach

Our Cybersecurity team understands the importance of keeping critical data safe. Badger Meter is committed to helping our customers safeguard their system against potential threats. 

What types of cyber threats do water utilities face? 

Water utilities are vulnerable to many of the same cyber threats as other parties. However, even a small breach or loss of information control in the water industry can disrupt critical infrastructure systems.  

Examples of threats are:  

• Data: The confidentiality, integrity and availability of data can be affected when digital information is not secured.

• Ransomware: External actors can threaten the loss of availability of data with blackmail; seeking a “ransom” for the restoration of access.

• Personally Identifiable Information (PII) Theft: A release of sensitive customer information to the public or a loss of data confidentiality.

• Denial of Service: Temporary or permanent loss of access to systems or information for legitimate users.

These attacks, if successful, can also result in damage to utility reputation, as consumers lose confidence in their utility when sensitive information has been compromised.

How does Badger Meter prioritize the security of its customers?  

Badger Meter employs a dedicated Cybersecurity team, comprised of individuals holding certifications from recognized, third-party authorities. Among the credentials held by individuals are Certified Information Systems Security Practitioner (CISSP), Certified Forensic Examiner (GCFE), CompTIA Security+, and Certified Information Systems Auditor (CISA).

Our data is hosted on the secure, ISO 27001-certified Amazon Web Services cloud-hosting platform, which provides resources and best practices for users to improve security posture. Company-wide, we provide regular cybersecurity and threat assessment training to employees across all departments, not just Cybersecurity and Software teams. 

Enterprise Risk Management in Practice 

Cybersecurity is a critical component of the company’s Enterprise Risk Management program. Badger Meter has established an information security framework to help safeguard the confidentiality, integrity, and availability of information assets and ensure regulatory, operational, and contractual requirements are fulfilled.

We take data security and privacy matters seriously. Badger Meter maintains both physical and system security measures, as well as industry-leading technologies, to provide the appropriate data security protections for both general business/employee information as well as customer-utilized software information (BEACON^® SaaS).

We are committed to ensuring the security and protection of the personal information that we control and/or process and we provide a globally compliant and consistent approach to data protection. We have an external party assess our cybersecurity risk management program using the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). We also have self-assessed our operations to the National Institute of Standards and Technology (NIST) 800-171.

We administer robust information security training for all employees, with annual certifications. Incident response planning, with regular exercises, is conducted to ensure the effectiveness of preparedness.

How do Network as a Service (NaaS) solutions from Badger Meter protect customers?  

To help monitor and address the evolving security landscape, we leverage the world-class expertise of our tier-one cellular carrier partners for the transmission of metering data.

Unlike many AMI solutions that use shared frequencies and bandwidth, ORION^® Cellular endpoints use licensed frequencies for primary communications to avoid interference from unauthorized users. ORION Cellular endpoints communicate over the private network, not over the public internet—an approach which exceeds the security provided by encryption alone.

BEACON is ISO 27001 certified and SOC 2 Type 2 examined against the Security, Availability, and Confidentiality Trust Services principles for data security.  

What steps should utilities take to protect their water systems against cyberattacks?  

All water systems should examine cybersecurity vulnerabilities and develop a cybersecurity risk management program. Proactive action, including developing a strong identity and access management, Single Sign-On (SSO) and network security controls (firewall, intrusion protection), and security awareness training programs (phishing tests) can lessen vulnerabilities.

Incidents of cybersecurity breaches at water utilities are increasing every day. However, one of the best ways to guard against a breach in security is to work with trusted partners and vendors who take precautions and care when it comes to protecting critical information about your process or customers.

Badger Meter works hard so your utility can prevent, detect, respond and recover from these incidents. 

What resources are available for utilities to learn more about cybersecurity measures? 

If you want to learn more about cybersecurity, check out these resources: 

• AWWA Cybersecurity & Guidance
• NRWA Cybersecurity Resources
• U.S. EPA Vulnerability Self-Assessment Tool: Conduct a Drinking Water or Wastewater Utility Risk Assessment  
• WaterISAC Resource Center