Security for Water and Sanitation: protecting SCADA from treatment to supply

Sanitation is critical public health infrastructure. Decripte contains unauthorized access to SCADA before process manipulation, and hardens operations with network segmentation, MFA on OT access, and 24x7 monitoring.

Direct answer

To protect a water utility, separate the corporate world (IT) from the automation world (OT/SCADA) with network segmentation and a defined perimeter between zones; require MFA and controlled remote access (jump host, session recording, just-in-time) for any connection to the automation network; continuously monitor industrial traffic and operator actions with a 24x7 SOC capable of detecting anomalous commands on SCADA; and keep an Incident Response team on standby to contain unauthorized access before it turns into chemical process manipulation or a supply outage. In practice, it is the combination of periodic Pentesting of the OT environment, Compliance (LGPD and industrial security best practices such as IEC 62443), a 24x7 SOC, and Incident Response with a containment SLA of up to 1 hour that keeps drinking water safe and supply running.

24/7

SOC monitoring OT and SCADA

<=1h

Incident containment SLA

IEC 62443

Industrial security benchmark

LGPD

Consumer and operational data

In summary

  • The real risk in sanitation is not just a data breach: it is the manipulation of a physical process (chemical dosing, pressure, pumping) that can compromise water quality and the supply of an entire city.
  • Insecure remote access to OT is the most common vector: VPNs with a single password, always-on vendor support tools, and exposed engineering workstations open a direct path to SCADA.
  • Segmentation between IT and OT, mandatory MFA on automation access, and continuous monitoring of industrial traffic are the three barriers that reduce risk the most.
  • The window between unauthorized access and process manipulation is short: detection and containment in minutes, not days, is what separates a scare from a public health disaster.
  • Ransomware at utilities paralyzes billing, telemetry, and supervision all at once, which is why operational resilience (backup, manual mode, contingency plans) is as important as prevention.
Energia e Utilities

Cibersegurança para Water and Sanitation

Sanitation is critical public health infrastructure. Decripte contains unauthorized access to SCADA before process manipulation, and hardens operations with network segmentation, MFA on OT access, and 24x7 monitoring.

Why sanitation is a high-value target with low tolerance for failure

Basic sanitation is, at the same time, an essential public health service and a complex industrial operation. A water and wastewater utility does not just manage pipes: it operates treatment plants (ETA and ETE), pumping stations, reservoirs, distribution networks, and miles of telemetry that watch over pressure, flow, reservoir level, and quality parameters. This entire physical process is controlled by industrial automation systems, generically called OT (Operational Technology), with SCADA, PLCs (programmable logic controllers), and HMIs (human-machine interfaces) at the center of operations.

What makes the sector a high-value target is precisely the impact: unlike a purely digital company, in sanitation a successful compromise does not end in a locked screen, it ends in a physical consequence. An attacker who gains control over chemical dosing in treatment, over pump activation, or over distribution valves gains disproportionate power over water quality and over the supply of an entire region. That is the difference between an IT incident and a critical infrastructure incident.

The risk that defines the sector

In sanitation, the question is not just 'can my data leak?', but 'can someone alter the physical treatment process or interrupt the supply?'. Security must be designed to prevent physical consequences, not just loss of information.

The low tolerance for failure comes from the nature of the service. There is no 'acceptable degraded mode' for drinking water: either it is within sanitary parameters, or it poses a risk to the population. This raises the cost of any interruption and of any doubt about the integrity of the process. A single well-founded suspicion that dosing was manipulated can force the utility to interrupt distribution, issue public alerts, and notify health authorities, with immediate reputational and regulatory impact.

The technical legacy that widens exposure

A large part of Brazil's sanitation automation infrastructure was built over decades, with long-lifecycle equipment, legacy industrial protocols (such as Modbus and DNP3, which were born without authentication or encryption), and engineering workstations running old operating systems that cannot simply be updated without risking a shutdown of operations. Add to this the growing convergence between IT and OT — telemetry pushed to the cloud, corporate dashboards reading process data, vendors accessing remotely for maintenance — and the result is an attack surface that has grown faster than the security maturity of most utilities.

The five threats that weigh most on sanitation

Decripte approaches the sector from a concrete threat map, derived from how these environments actually operate. This is not a generic list of cyberattacks, but the vectors that, in sanitation, lead from unauthorized access to a physical consequence or a service interruption.

Priority vectors in sanitation

  • Attacks on water treatment SCADA — compromise of plant supervision and control, allowing the reading and alteration of process set-points.
  • Chemical process manipulation — altering the dosing of coagulants, chlorine, fluoride, or pH correction, with a direct impact on potability.
  • Ransomware at utilities — encryption of supervision, telemetry, billing, and ERP servers, paralyzing operations and revenue at the same time.
  • Insecure remote access to OT — VPNs with a single credential, permanently connected vendor support tools, and engineering workstations reachable from the corporate network.
  • Supply unavailability — halted pumping, valve manipulation, or loss of supervision forcing blind operation or a preventive shutdown.

Why remote access is the Achilles' heel

Of all these vectors, insecure remote access to OT is the one that most often appears as the initial entry point. Water utilities depend on automation vendors and integrators who need to access the environment to configure PLCs, adjust SCADA screens, and resolve faults. When this access is done over a VPN with a shared password, without a second factor, without session logging, and with a direct route to the automation network, the leak of a single credential — through phishing, password reuse, or a compromised vendor laptop — is enough for a third party to reach the heart of the process.

The invisible danger of 'always-on' tools

Remote access solutions left permanently connected to 'speed up support' are a continuous back door. They must be replaced by just-in-time access, authenticated with MFA, mediated by a jump host, with the entire session recorded and auditable.

The good news is that this same vector is highly addressable. There is no need to rebuild the automation infrastructure to drastically reduce risk: controlling how, by whom, and from where SCADA is accessed already eliminates most of the path an attacker would take.

Gestão de Ameaças · Grátis

Is water and sanitation data already exposed or up for sale? Find out now — for free.

Sem cartão, sem compromisso. Descubra em minutos o que já vazou da sua empresa e qual é o seu risco real.

Anatomy of unauthorized remote access to SCADA (anonymized real example)

To make the risk tangible, we describe below the typical anatomy of unauthorized remote access to the SCADA of a treatment plant. This is an anonymized real example, built from real patterns in the sector, and not from a specific client. It serves to show where defense needs to act and in what order.

How the attacker gets in

The starting point is almost always a credential. A technician from an automation vendor has remote access to the OT network for maintenance. Their personal machine is compromised by credential-stealing malware, or they fall for a phishing attack that captures the maintenance VPN username and password. Because this VPN does not require a second factor and leads directly into a segment that can see the SCADA engineering workstation, an attacker in possession of the credential is, within a few hops, already inside the environment that controls treatment.

The decisive moment

There is a window between an attacker gaining access and understanding the process well enough to manipulate it safely for themselves. Reconnoitering the environment, mapping set-points, discovering which screen controls dosing — all of this takes time. It is exactly in this window that monitoring and containment must act. The access is contained BEFORE process manipulation.

What was at stake

With a presence on the engineering workstation, a malicious attacker would, in theory, have a path to alter chemical dosing set-points, manipulate pump and valve commands, or simply take down supervision, forcing blind manual operation. Any of these actions would have the potential to affect water quality or the continuity of supply. The difference between a contained scare and a public health incident lies entirely in the speed and quality of detection and response.

Decripte's defense thesis for this scenario

Detect the anomalous access and command behavior while the attacker is still reconnoitering the environment; immediately isolate the segment and the compromised credential; and prevent any manipulated process command from reaching the field. Containment before the physical consequence.

How Decripte detects what looks normal but is not

The great challenge of defending an OT environment is that many malicious actions use legitimate commands. Altering a dosing set-point is a normal operation — what changes is who did it, from where, when, and in what context. That is why sanitation monitoring cannot be limited to malware signatures: it must understand process and access behavior.

The layers of detection

Decripte combines industrial network visibility (passive inspection of protocols such as Modbus, DNP3, and OPC to understand commands and flows without interfering with operations), identity and access telemetry (who authenticated, from where, with which factor, at what time), and correlation with the IT environment (the engineering workstation that suddenly talks to an external IP, the vendor account that logs in outside the contracted maintenance window). The 24x7 SOC cross-references these signals to distinguish normal operation from anomalous action.

Signals that trigger investigation in the SOC

Vendor access outside the agreed window; authentication without MFA where MFA should exist; an engineering workstation initiating outbound connections to the internet; write commands to a PLC from an unusual source; network scanning within the OT segment; and a process set-point change without a corresponding work order.

Passive inspection is an important point for the sector: in OT, you cannot introduce latency or instability into the network that controls the process. That is why visibility collection is done through traffic mirroring and sensors that only observe, without interposing themselves in the path of commands. Security that puts process availability at risk is not acceptable security in sanitation.

What continuous monitoring delivers to the utility

  • A living inventory of OT assets (PLCs, HMIs, engineering workstations, telemetry gateways) and their expected communications.
  • Detection of commands and connections outside the process pattern, with enough context for the operator to decide.
  • An audit trail of who accessed SCADA, when, and what they did — essential for investigation and for compliance.
  • Prioritized alerts that separate noise from real risk, avoiding alarm fatigue in the operations team.

Containment before manipulation: Incident Response in sanitation

When the SOC identifies unauthorized access in progress, the number one priority in sanitation is to prevent it from escalating into process manipulation. Decripte's Incident Response operates with a containment SLA of up to 1 hour, but in OT environments containment must be surgical: taking down the wrong thing can cause exactly the unavailability you are trying to avoid.

Contain without taking down operations

Containment in sanitation is guided by the principle of preserving the safe operation of the physical process while cutting off the attacker's access. This means isolating the compromised segment or credential, blocking the remote access route used, and, when necessary, placing the plant into a controlled and safe manual operation mode — always in coordination with the plant's operations team, who know the limits of the process. The decision on any action that touches the field is made jointly, never unilaterally by the cybersecurity team.

The classic mistake Decripte avoids

In an OT environment, 'shutting everything down' to contain an attack can be as dangerous as the attack itself. Containment must understand the process: isolate the threat without interrupting treatment or supply, except when a controlled shutdown is provably the safest option.

In parallel with containment, the IR team begins collecting forensic evidence — access logs, remote sessions, command history, images of the compromised workstations — to understand the real scope of the incident, identify how far the attacker got, and ensure that eradication is complete. In sanitation, this investigation answers a question critical to public health: was the process altered or not? The answer to this question guides everything that comes after, including communication to health authorities and the population, if warranted.

Gestão de Ameaças · Grátis

What would an incident in water and sanitation cost? See your real risk before it happens.

Sem cartão, sem compromisso. Descubra em minutos o que já vazou da sua empresa e qual é o seu risco real.

Hardening: segmentation, MFA on OT, and monitoring

Containing an incident is necessary, but the long-term goal is to make unauthorized access hard to happen and easy to detect. The hardening that Decripte structures in sanitation rests on three fronts that, together, attack the most common vector in the sector: insecure remote access to OT.

Segmentation between IT and OT

The first barrier is to separate the corporate world from the automation world. Instead of a flat network where a compromised laptop in the office can see the plant's PLC, an architecture of zones and conduits is created, in the spirit of the IEC 62443 standard: the OT network stays in isolated zones, with a defined perimeter where all traffic between IT and OT passes through inspection and control. Telemetry flows up to IT through controlled and unidirectional paths whenever possible, so that process data can be read without opening a command path back to the field.

The zones-and-conduits model (IEC 62443)

Divide the environment into security zones, explicitly define which communications are allowed between them (the conduits), and block everything else. This way, a compromise in IT does not automatically propagate to automation, and any attempt to cross the boundary is visible and controllable.

MFA and controlled remote access on OT

The second barrier directly attacks the vector from the anonymized real example. All access to the automation network — by employees or vendors — now requires multi-factor authentication and is mediated by a jump host with session recording. Vendor access is no longer permanent and becomes just-in-time: granted only during the contracted maintenance window, with approval, and automatically revoked at the end. As a result, a leaked credential alone is no longer enough to reach SCADA.

OT remote access controls that Decripte deploys

  • Mandatory MFA for any connection to the automation network, with no exception for vendors.
  • A jump host (bastion) as the single entry point to the OT environment, with the entire session recorded and auditable.
  • Just-in-time and least-privilege access: the vendor only sees what they need, only when they need it.
  • Elimination of 'always-on' remote access tools and VPNs with shared credentials.
  • Automatic revocation and periodic review of all privileged access to SCADA.

Continuous monitoring as a safety net

The third barrier is the 24x7 SOC already described, which assumes that no prevention is perfect and ensures that, if unauthorized access still happens, it is seen and contained within the window in which the attacker is still reconnoitering the environment. Segmentation, MFA, and monitoring are not alternatives to one another: they are layers that reinforce each other. Segmentation reduces the path, MFA closes the most common door, and monitoring ensures detection when something slips past the first two.

Offensive validation: Pentest of the OT environment

The only way to know whether the barriers really work is to test them the way an attacker would. Decripte's Pentest for sanitation validates, in a controlled and safe manner, whether the segmentation between IT and OT holds, whether remote access can be bypassed, whether vendor credentials are protected, and whether lateral movement from the corporate network could reach the SCADA engineering workstation.

OT pentesting is different from IT pentesting

Testing an automation environment that controls a physical process requires extra care: no aggressive scans that could take down a PLC. Decripte uses OT-safe approaches — passive reconnaissance, validation in test environments or agreed windows, and techniques that do not compromise process availability.

The result of the Pentest is a realistic picture of the path an attacker would take and of the effectiveness of existing defenses, translated into recommendations prioritized by risk. For a utility, this exercise is also a governance instrument: it demonstrates to the board, to regulators, and to sanitation agencies that the security of critical infrastructure was independently verified, and not merely assumed.

What a Decripte OT Pentest usually reveals

Network routes that cross the IT-OT boundary without control; vendor remote access broader than necessary; credentials reused between corporate and automation; engineering workstations with outdated and exposed software; and a lack of session logging on privileged access to SCADA.

Compliance, LGPD, and operational resilience

Sanitation deals with two dimensions of compliance at the same time. The first is data protection: utilities process the personal data of millions of consumers (registration, consumption, billing, collection), which places them fully under the Lei Geral de Proteção de Dados (LGPD) and under ANPD oversight. A leak of this data or an incident affecting personal data triggers notification obligations to the data subject and to the ANPD, in addition to the risk of administrative sanctions.

The second dimension is the security of critical infrastructure and the industrial process, where the technical reference is the IEC 62443 family of standards, focused on the security of industrial automation and control systems. Decripte structures the utility to demonstrate, with policies, controls, and audit trails, that the OT environment is managed according to recognized best practices — something increasingly required by sanitation regulators, by concession contracts, and by due diligence processes.

Compliance that talks to operations

Decripte does not treat compliance as disconnected paperwork. The OT access policies, network segmentation, and monitoring that reduce real risk are the same ones that support the evidence for LGPD and IEC 62443. Security and compliance go hand in hand.

Resilience: surviving ransomware without stopping the city

Ransomware at utilities deserves its own attention because it attacks service continuity across the board: it can encrypt supervision, telemetry, billing, and ERP servers at the same time. The operational resilience that Decripte helps build includes isolated and tested backups, segregation that prevents propagation from corporate to automation, and contingency plans that allow the plant to operate in a safe manual mode if supervision is lost. The key resilience question in sanitation is simple and hard: if everything in IT goes down right now, can the utility keep drinking water safe and supply running? Security exists so that the answer is yes.

Where to start: diagnosis and building in layers

The security journey of a water utility does not begin with one big project all at once. It begins with visibility. Most utilities underestimate how many paths exist today between the corporate world and SCADA, how many vendor remote accesses are active, and which OT assets are not even inventoried. The first step is to see reality.

Start with a free assessment

Decripte offers a free Threat Management plan at decripte.com.br/intelligence-center, which gives the utility a first view of its exposure. To move forward, decripte.io/start structures the complete program, and /contato connects your team directly with a critical infrastructure security specialist.

From the assessment, the build-out is layered and prioritized by risk: first, the most obvious doors are closed (insecure remote access, missing segmentation, absent MFA), then continuous visibility is installed via the 24x7 SOC, everything is validated with a Pentest and, in parallel, compliance and resilience are organized. Each layer already reduces risk on its own, which allows the utility to demonstrate progress from the start, without having to wait for the entire program to be ready to reap the benefit.

Recommended initial roadmap for utilities

  • Inventory OT assets and map all paths between IT and the automation network.
  • Eliminate insecure remote access: MFA, jump host, just-in-time, and an end to always-on tools.
  • Segment the network into zones and conduits, isolating SCADA from the corporate environment.
  • Turn on the 24x7 SOC for continuous monitoring of access and process.
  • Validate with a safe OT Pentest and organize the evidence for LGPD and IEC 62443.
  • Build resilience: isolated backups, safe manual mode, and a tested response plan.

Anatomy of unauthorized remote access to the SCADA of an ETA (anonymized real example)

Real, de-identified example

Anonymized real example (without identifying the client). A mid-sized water utility operates a water treatment plant (ETA) whose SCADA controls coagulant, chlorine, and pH-correction dosing, in addition to pumping to the reservoirs. An automation vendor has remote access to the OT network for maintenance, done over a VPN with a shared credential and without a second factor. Telemetry and supervision flow up to a server that is also reachable from the corporate network. Decripte had begun monitoring the utility a few weeks earlier, with passive sensors on the industrial network and identity correlation in the 24x7 SOC.

  1. Initial compromise

    The vendor technician's laptop is infected with credential-stealing malware after a phishing attack. The maintenance VPN credential, without MFA, is exfiltrated. In possession of it, a third party establishes a connection to the utility's OT network from a residential IP, outside the contracted maintenance window and in the middle of the night.

  2. Detection (24x7 SOC)

    Within minutes, Decripte's SOC generates a high-priority alert: access to the automation network occurred without MFA, outside the vendor's agreed window, and from an unusual geolocation. Shortly after, the passive sensors observe the SCADA engineering workstation starting an internal scan and querying process screens that it would not normally query at that time — reconnaissance behavior, not operation.

  3. Containment (SLA <=1h)

    The Incident Response team triggers containment in immediate coordination with the plant's operations team. The compromised credential is revoked, the maintenance VPN route is blocked, and the OT segment is isolated from external access. Crucially, no process command was altered: access is cut off while the attacker was still in the reconnaissance phase, BEFORE any dosing or pumping manipulation. The ETA continues operating normally, with no supply outage.

  4. Eradication

    The forensic investigation reconstructs the entire session from the logs and captured traffic, confirming the scope: the attacker reached the engineering workstation, but executed no write command to a PLC nor altered set-points. The vendor's laptop is identified as the origin and remediated, all of the utility's remote access credentials are rotated, and the 'always-on' access tool is deactivated.

  5. Recovery

    Vendor access is rebuilt on a secure foundation: a single jump host, mandatory MFA, recorded sessions, and just-in-time authorization only during approved windows. Supervision and telemetry are validated to confirm integrity. The utility resumes its routine without ever having had to interrupt treatment or supply.

  6. Hardening and lessons

    Decripte implements zones-and-conduits segmentation (IEC 62443) separating IT from OT, keeps the 24x7 SOC monitoring, and schedules a safe OT Pentest to validate the new barriers. The main lesson recorded: the incident was contained not by luck, but by the combination of behavioral detection (anomalous access + reconnaissance on SCADA) and surgical containment that cut off the attacker without taking down the process.

Outcome with Decripte

Because detection occurred within the window in which the attacker was still reconnoitering the environment, Decripte contained the unauthorized access before any chemical process manipulation or supply interruption. The utility came out of the incident with the entry vector eliminated (remote access now with MFA, jump host, and just-in-time), with real segmentation between IT and OT, with continuous monitoring in the 24x7 SOC, and with documented evidence for compliance. What could have been a public health incident of public repercussion became a contained scare and a substantially more resilient operation.

Resposta a Incidentes · 24/7

Don’t wait for the incident. Start hardening water and sanitation today.

Comece pelo diagnóstico gratuito agora e veja em minutos o que já vazou. SOC 24x7 e contenção em até 1h nos planos pagos.

How Decripte responds to an incident at a water utility

Decripte's Incident Response in sanitation is designed around a non-negotiable priority: preventing unauthorized access from turning into a physical consequence before anything else. It operates with a containment SLA of up to 1 hour and always in coordination with the plant's operations team.

  1. Detection and triage: the 24x7 SOC identifies the anomalous signal (access without MFA, out of window, unusual command on SCADA, reconnaissance on the OT network) and classifies severity considering the risk to the physical process, not just IT.
  2. Activation and coordination: the IR team is mobilized and immediately connects with the plant's operations team, because no action that touches the process is taken unilaterally by cybersecurity.
  3. Surgical containment: isolate the compromised credential and segment, block the remote access route used and, if necessary, bring the plant into a safe manual mode — always preserving the safe operation of treatment and supply.
  4. Evidence preservation: collect access logs, remote sessions, command history, and workstation images, ensuring an intact forensic trail to answer the critical question: was the process altered or not?
  5. Investigation and scope: reconstruct the attacker's path, confirm how far they got and whether any set-point, dosing, or field command was touched, guiding communication to health authorities if warranted.
  6. Eradication: definitively remove the attacker's access, remediate the origin (e.g., a compromised vendor machine), rotate credentials, and deactivate insecure remote accesses.
  7. Safe recovery: reestablish remote access on a hardened foundation (MFA, jump host, just-in-time, recorded sessions) and validate the integrity of supervision, telemetry, and process before returning to routine.
  8. Lessons and hardening: consolidate the learnings, close the gaps that allowed the incident (segmentation, MFA, monitoring), and schedule validation via a safe OT Pentest.

How Decripte structures security for a water utility

The security structure that Decripte builds in sanitation rests on pillars that, together, reduce the attacker's path, close the most-used door, ensure detection of what slips through, and keep operations resilient and compliant.

IT/OT segmentation in zones and conduits

Isolate the automation network from the corporate environment according to the IEC 62443 model, with a controlled perimeter through which only explicitly permitted communications pass, so that a compromise in IT does not reach SCADA.

Secure OT access (MFA + just-in-time)

Replace VPNs with a shared password and 'always-on' tools with mandatory MFA, a jump host with session recording, and vendor authorization only during approved windows, with least privilege.

Continuous monitoring (24x7 SOC)

Passive visibility of the industrial network and identity correlation to detect anomalous access and process commands outside the pattern within the window in which the attacker is still reconnoitering the environment.

Offensive validation (OT Pentest)

Safely test whether segmentation, remote access, and credentials hold up against a real attacker, translating the result into fixes prioritized by risk and into evidence for governance.

Compliance and data protection

Support, with policies and audit trails, the LGPD/ANPD obligations regarding consumer data and the IEC 62443 best practices regarding the industrial environment, required by regulators and concessions.

Operational resilience

Isolated and tested backups, anti-propagation segregation against ransomware, and contingency plans to operate in a safe manual mode, ensuring that drinking water and supply continue even under attack.

Recommended plans for Water and Sanitation

Frequently asked questions

What is the biggest cyber risk for a water utility?

The risk that defines the sector is the manipulation of a physical process: altering the chemical dosing of treatment, commanding pumps and valves, or taking down supervision, affecting water quality or supply. Unlike a purely digital company, here the incident ends in a physical consequence, and the most common entry vector is insecure remote access to the OT network.

How do you protect vendor remote access to SCADA?

By eliminating VPNs with a shared password and 'always-on' support tools. In their place, mandatory MFA is required, a single jump host as the entry door with the entire session recorded, and just-in-time authorization: the vendor only accesses during the approved maintenance window, with least privilege, and access is automatically revoked at the end.

Can security monitoring interfere with plant operations?

No, when done correctly. In OT, Decripte uses passive collection via traffic mirroring and sensors that only observe, without interposing themselves in the path of commands. This provides visibility and detection without introducing latency or the risk of instability in the network that controls the process.

What is IT/OT segmentation and why does it matter in sanitation?

It is separating the corporate network from the automation network into isolated zones, with a perimeter through which only explicitly permitted communications pass (the zones-and-conduits model of IEC 62443). It matters because, without it, a compromised laptop in the office can see and reach the plant's PLC. With it, an attack in IT does not propagate to SCADA.

Do water utilities need to worry about the LGPD?

Yes. Utilities process the personal data of millions of consumers (registration, consumption, billing), which places them under the LGPD and ANPD oversight. An incident that affects this data triggers notification obligations to the data subject and to the ANPD, in addition to the risk of sanctions. That is why security and data protection go hand in hand in the sector.

What happens if ransomware hits the utility?

Ransomware can encrypt supervision, telemetry, billing, and ERP at the same time, paralyzing operations and revenue. The defense combines prevention, segregation that prevents propagation from corporate to automation, isolated and tested backups, and contingency plans to operate in a safe manual mode, keeping drinking water and supply running even during the incident.

How is a Pentest done without putting the process at risk?

OT pentesting is different from IT pentesting. Decripte uses passive reconnaissance, validation in test environments or in agreed windows, and techniques that do not take down PLCs or affect process availability. The goal is to find out whether segmentation and remote access hold up against a real attacker, without ever risking operations.

Where should a utility start?

With visibility. Start with the free Threat Management assessment at decripte.com.br/intelligence-center to get a first view of your exposure. Then, the build-out is layered and prioritized by risk: close insecure remote access, segment IT/OT, turn on the 24x7 SOC, validate with a Pentest, and organize compliance. To structure the program, use decripte.io/start or reach out via /contato.

Sector terms

SCADA
Supervisory Control and Data Acquisition. It is the set of software and screens that allows an industrial process to be operated and monitored remotely — in sanitation, the chemical dosing, pumping, and distribution of water.
OT (Operational Technology)
Operational technology: the systems that control the physical world of an industrial plant (PLCs, HMIs, sensors, actuators), in contrast to IT, which handles data and administrative systems. In sanitation, OT controls treatment and distribution.
PLC
Programmable Logic Controller: the device that executes the process control logic in the field, actuating pumps, valves, and dosers according to commands from SCADA. It is one of the most sensitive assets to protect in OT.
IEC 62443
A family of international security standards for industrial automation and control systems. It defines concepts such as zones and conduits and security levels, serving as a reference for structuring and demonstrating the protection of OT environments.
Segmentation (zones and conduits)
The practice of dividing the network into isolated zones and allowing between them only the explicitly authorized communications (the conduits). It prevents a compromise in the corporate network from automatically reaching the industrial automation network.
Just-in-time access
A model in which privileged access — for example, from a vendor to the OT network — is granted only for the time needed and subject to approval, being automatically revoked afterward, instead of remaining always active.

Decripte protects and responds to incidents in water and sanitation.

Pentest, 24x7 SOC, incident response with a 1-hour containment SLA and compliance — without building an internal team. Or start free by seeing what has already leaked from your company.