Providing a multi-disciplinary approach to water sector security!
Zanja Verde LLC’s unique approach to risk management is specifically tailored to the water sector. Cyber security for critical infrastructure is not just a “tech” issue, but also a critical component of enterprise risk management.
Water sector utility owners and operators tend to be advanced in emergency response and resilience planning in preparation for natural disasters. But water sector utility owners and operators need to bring the same or greater level of redundancy, emergency response, resilience, and recovery methods to ensure continuity of operations and the protection of public health and the environment in the cyber security context. Failing to take reasonable measures and employ best practices to prevent, detect, and swiftly respond to cyber-attacks can lead to catastrophic consequences – including technical, operational, financial, and reputational harm – when the cyber-attacks do occur. And they will occur. It is not a matter of if, but when.
Yet, the water and wastewater sector face uniquely significant cyber security challenges, due to the diversity of the sector itself with organizations of varying size and ownership, the sector’s splintered regulatory regime, and a lack of clear cyber security governance protocols. Despite these challenges, water sector utility owners and operators must develop a comprehensive plan. Reliance on sovereign immunity defenses or insurance policies without more are simply not sufficient to protect an organization or its leaders from the repercussions of a cyber security attack and the ensuing reputational harm. But there are scalable and effective measures that water sector members can take to improve the cyber security of their organizations—Zanja Verde LLC.
Zanja Verde LLC's innovative, inter-disciplinary approach to cyber security helps you to manage and prevent cyber incidents, enable a far better response to incidents that do happen, and provide a far better explanation of preparedness and response when confronted by law enforcement (e.g., FBI), customers, constituents, investors, boards, regulators, civil litigants, legislators, and the media. Because the issues and solutions are multi-faceted and interconnected, Zanja Verde LLC has formed an innovative and uniquely talented multi-disciplinary team under one roof to assist water sector utility owners and operators in addressing these myriad concerns from a technological, cost, efficiency, personnel, and legal perspective with unequaled and specific experience with the challenges faced by the water sector.
Water Supply Planning
Zanja Verde LLC will assist you in preparing groundwater management and sustainability plans for the water sector. Our team has senior management experience in the water sector and can provide sophisticated, tailored solutions to an agency’s planning needs.
We are also adept at analyzing Environmental Impact Reports for compliance with the California Environmental Protection Act and the National Environmental Protection Act.
Zanja Verde LLC specializes in security for all aspects of the water sector. This includes advocating on behalf of agencies for grants and loans, to harden both physical and cyber infrastructure.
The regulated community needs help in developing responses to emerging constituents. This will require expertise in water quality standards and the ability to analyze proposed legislation and regulations. Zanja Verde LLC provides its clients with high-level management analyses on proposed legislation and is prepared to advocate and comment on all such legislation.
Our management analysis extends to operations and maintenance, capital projects, regulatory compliance, human resources and risk management.
The water sector must comply with a myriad of regulatory requirements, including those arising from the Clean Water and Safe Drinking Water Acts, the Endangered Species Act, the Clean Air Act, and other Federal laws that impose more and more restrictive compliance points.
Our team can address those issues, whether helping negotiate with regulators or non-governmental organizations, assessing current compliance programs, providing cyber security penetration testing and security assessments, or, providing knowledgeable help when the regulators come knocking on your door.
One of the major challenges that water sector agencies face is in keeping customer service, billing, human resources, finance and operational control systems secure with ever-increasing attacks on critical infrastructure. The COVID-19 crisis has escalated those challenges by increasing remote access to agency operational systems, through increased at-home work and access by employees.
Although many water sector agencies do have robust IT departments, those departments are not equipped to handle attacks by malicious actors intent on breaching internet security measures. Additionally, the first things cut in financial crises are the funding for new computers, more analysts and security. Malicious hackers know that most CI agencies do not submit their systems to penetration testing, nor do they have the staff to assure that the human resources involved have been trained sufficiently in cyber security.
Once a system is breached, very few public agencies have the staff expertise to handle true malicious hacking. It is at this point that agencies should expect to see the United States Federal Bureau of Investigation, which will mobilize agents to breached agencies, visit them to conduct an investigation and identify potential targets for criminal prosecution. It is critical that the agency work with experienced cyber security experts who have worked intimately with the US FBI.
After the breach, it is critical to restore public trust and confidence in the agency by being transparent and open about the breach and the repercussions to the agency’s customers or clients. This requires expert handling of outreach efforts.
Zanja Verde’s team consists of seasoned professionals, all of whom have an area of expertise that provides for a mult-disciplinary approach to cyber security assessment, hardening, re-assessment and training.