Case Study

Gulf Coast Water Authority

As cyber threats grow more complex and targeted, domestic utilities find themselves in the crosshairs of malicious actors. These critical community infrastructure services, which provide essential amenities like electricity, potable water, and heating fuels to households, are being warned to shore up their cyber defenses.

The U.S. Environmental Protection Agency (EPA) has recognized the escalating peril of these cyber incursions, prompting it to establish a dedicated water sector cybersecurity task force in early 2024.

The urgency of the task force's mission is underscored by an EPA report noting that small public water systems, which constitute over 90% of the country's community water systems, are especially vulnerable to cyberattacks against their operational technology (OT) infrastructure, including pumps and filters.

While major portions of the water sector are notoriously underfunded, in Texas, Gulf Coast Water Authority (GCWA) is one operation that, for years, has been strategically adopting advanced cybersecurity measures to enhance its security posture.

GCWA, a wholesale water provider, supplied 3.14 trillion gallons of water in 2023 to industry, agriculture, and municipalities in Brazoria, Fort Bend and Galveston counties in South Texas. Its coverage area includes approximately 1.6 million people.

You can trace the beginnings of GCWA back to 1908 with the creation of the Cane and Rice Belt Irrigation Company and construction of a pump station on the Brazos River for agricultural irrigation.

In 1965, the Texas Legislature established GCWA as a special water district to be a wholesale water supplier to Texas City industries. Since then, it has grown to serve dozens of municipal, industrial, and agricultural customers with an extensive system that delivers at least 200 million gallons per day.

That delivery system includes:

  • 4 river pump stations
  • 315 miles of canals
  • A 7,800-acre-foot reservoir
  • 35 miles of pipelines
  • A 57.6 million-gallon-a-day water treatment plant providing drinking water to most of Galveston County

The Appeal of Managed Network Detection & Response (NDR) Tools

GCWA IT Director David Bunch began his journey with Nomic Networks’ cybersecurity products over a decade ago as a contractor for the State of Texas and has been involved with multiple installations across various organizations, including the City of Pflugerville, Texas, and GCWA.

Evolving from its early origins as a premier IPS/IDS solution, Nomic’s Managed Network Detection and Response (MNDR) platform combines threat intelligence, signature-based detection, and artificial intelligence/machine learning (AI/ML) to detect and respond to network anomalies. This approach offers enhanced visibility into all network traffic and is crucial for the early identification and mitigation of advanced threats and zero-day attacks.

Bunch’s loyalty to Nomic products can be largely attributed to its unique Network Cloaking capability. “It’s a feature unique to Nomic and helps to filter out unnecessary traffic or ‘noise’ in front of the firewall, allowing for more granular control and better analysis of network traffic, which in turn reduces the overhead on the actual firewall,” he said.

“We’ve deployed Nomic Outposts to cover any site that communicates with our core network, our disaster recovery site, as well as any site that has an Internet connection.”

The recent introduction of Nomic's Insight tool, an ML/AI-driven threat detection engine built on top of a user-friendly, searchable archive of all network communications, has further expanded GCWA’s cybersecurity capabilities, enabling virtualization and threat hunting within the network.

Bunch says, “Insight helps us dive in a little more deeply, as it's more granular and helps us hunt for alerts and threats faster. One of my counterparts that works here, he absolutely loves Insight network flows. He uses the product all the time.”

Bunch has deployed the full stack of Nomic’s MNDR platform, including HQ, a single pane of glass for simplified management across multiple security appliances. In the spirit of a defense-in-depth strategy, GCWA uses multiple industry tools for backup and comprehensive security coverage. Nomic’s NDR solutions were quickly and effortlessly integrated into GCWA’s security stack.

The Importance of Vendor Innovation

A key factor in GCWA’s satisfaction with Nomic is the company's responsiveness to customer feedback and its agility in product development.

“One of the biggest benefits, I think, for us is that Nomic is very good at always innovating its products. If they don't have what you want, you can ask for it and as long as you're willing to work with them and spend some time, they will develop it.”

Bunch highlighted instances where Nomic developed customized solutions to meet specific needs, such as increasing throughput capacity, offering different form factors with twin power supplies, and customizing virtual appliances specifically for GCWA. He said this responsiveness has been crucial in maintaining a robust and adaptable cybersecurity posture.

“It’s a huge benefit to us that they continue to innovate, whether it's us asking for our input, or they themselves just realizing where they have holes or trying to be better,” Bunch added. “They accept feedback very well and they work for their clients, but at the same time they push themselves. And you can tell just based on the product and the features that they come out with. If you want layered defenses, add Nomic's MNDR to your security stack for greater confidence.”

Water Utility Cyber Vulnerability

Like all water utilities across the country, GCWA faces a growing threat environment, especially when it comes to the operational technology that runs the physical environment. It fares much better than most, though, with internal staff expertise to fully address cybersecurity risk, and a strategic partnership with Nomic, which remains a cornerstone of its defense strategy.

“Nomic’s product suite is the most cost-effective way to get the maximum amount of value,” Bunch says. “The best bang for your buck, in my opinion, and has been for quite a long time. A lot of that is because of their constant innovation of the network appliances. When people ask me for a referral, Nomic is what I steer them toward every time. You’ve got your next gen antivirus, you’ve got your firewall, the next thing you need to add to your security stack is Nomic’s MNDR. It's very cost effective for what you get, and you get a lot for it.”
