Securing Municipal Infrastructure: From Risk Exposure to Action

Municipal water and wastewater systems sit at the centre of public safety.

When something goes wrong, it is not abstract. It shows up in service disruption, environmental impact, and loss of public trust.

A Western Canadian municipality recognized it was exposed but lacked a clear, defensible view of its operational technology security risks. Without that clarity, it could not confidently prioritize action or secure funding.

Compugen led a full OT security assessment aligned to ISA 62443, a globally recognized standard that helps organizations assess risk and secure critical infrastructure systems. The result was a clear, credible roadmap the municipality could use to move from concern to action.

The Challenge

This municipality is responsible for operating and maintaining critical water and wastewater infrastructure. Systems that rely on operational technology to monitor and control flow, treatment, and safety.

Like many public sector organizations, the environment had evolved over time. Infrastructure aged. Systems expanded. Connectivity increased. Security did not always keep pace.

Several challenges stood out:

• • Aging infrastructure supporting critical operations, including network components well past recommended lifecycle

  • Flat network architecture, making it easier for threats to move between systems

  • Limited separation between IT and OT environments, increasing potential exposure to other Municipal Services

  • Multiple remote access methods, often tied to vendors and difficult to centrally manage

  • Lack of formal OT security ownership and policy structure

There was awareness that risk existed. What was missing was a structured way to measure it, communicate it, and act on it.

In an environment where systems control water quality, chemical dosing, and flow rates, that gap matters.

The Opportunity

The shift started with a single voice.

An engineer within the water treatment operation identified cybersecurity as a growing concern and raised it internally. That perspective helped connect operational risk with broader IT and leadership priorities.

At the same time, there was growing recognition that informal approaches were no longer enough. The municipality needed to align with a recognized standard and bring consistency to how risk was assessed and managed.

This created a clear opportunity to step back, assess the environment properly, and establish a baseline that could support real decisions.

The Solution

Compugen led a full OT security gap and risk assessment aligned to ISA 62443, a globally recognized framework for securing industrial and critical infrastructure environments.

The approach was structured, detailed, and built to stand up to scrutiny.

To strengthen credibility, a certified third-party assessment organization conducted the audit. This ensured the findings were objective and could be used confidently in internal planning and funding discussions.

The engagement included:

• • A detailed review of OT systems across water and wastewater environments

  • Evaluation against ISA 62443-aligned controls

  • Identification of security gaps across governance, network design, access control, and system management

  • A prioritized roadmap outlining immediate actions and longer-term initiatives

Midway through the engagement, procurement requirements introduced an RFP process. Compugen maintained its position, navigated the shift, and expanded the scope to include the wastewater treatment environment.

Throughout the engagement, Compugen worked closely with engineering, IT, and leadership teams. Regular touchpoints kept the project aligned and ensured the findings reflected both technical reality and operational context.

The Outcome

The assessment brought clarity to a complex environment.

It showed that a significant portion of evaluated controls were not fully aligned, highlighting gaps that could impact both security and operational resilience.

More importantly, it gave the municipality something it did not have before:

• • A defensible, standards-based view of its OT security posture

  • Clear visibility into where risk exists and how it could impact operations

  • A prioritized set of actions, including immediate steps internal teams could begin addressing

  • A structured roadmap to guide future investment and modernization

Immediate opportunities included improving access controls, tightening password and credential practices, updating documentation, and addressing basic system hygiene.

Longer-term priorities focused on:

• • Network segmentation and improved architecture

  • Centralized monitoring and logging

  • Stronger remote access controls

  • Development of formal OT security policies and incident response planning

The shift was practical.

Instead of broad concern, the municipality now had a clear plan. One that could be communicated, funded, and executed.

The Future

The assessment is already shaping what comes next.

Internal teams are using the findings to guide planning and prioritize remediation efforts. Conversations are underway to move forward on infrastructure upgrades, network improvements, and ongoing security support.

The engagement has also created momentum beyond a single municipality. Other public sector organizations are facing similar challenges and looking for a way to bring structure and clarity to their environments with Compugen.

The Relationship

This was not a transactional engagement.

Compugen started with a single operational contact and quickly built alignment across engineering, IT, and leadership. That mattered, because OT security sits across all three.

The team kept a consistent cadence of communication, translating technical findings into clear business impact so each group understood the risks and their role in addressing them.

Credibility came from two places. Depth in OT environments, and a structured, standards-based approach backed by independent validation.

By the time the findings were delivered, stakeholders were aligned and confident in the path forward.

That foundation is now carrying into the next phase, with Compugen positioned as a trusted partner.

If you are responsible for municipal or critical infrastructure, you are likely facing the same challenge. You know there are risks. The question is whether you can clearly define them and act on them.

Compugen helps public sector organizations assess their environments, prioritize what matters, and build a path forward that stands up to scrutiny. Start the conversation.