Skip to content

Water Hawk · a Salian Defense platform

Your water system is national infrastructure. We treat it that way.

Water Hawk is the procurement, regulatory, and threat-intelligence platform built for water utilities, chemical distributors, hyperscale data centers, and renewable natural gas operators. It is engineered by Salian Defense, the company that builds and operates classified facilities for the United States intelligence community. The same discipline now protects the systems that make modern life possible.

Schedule a threat briefingSee the defense stack

Sixty minutes. Cleared engineer in the room. No marketing.

The threat reality

The water sector is a declared target.

In February 2024, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency issued a joint advisory confirming that the People's Republic of China cyber group designated Volt Typhoon has pre-positioned access on United States water and wastewater systems for the purpose of disruptive or destructive cyber attack during a future crisis. In November 2023, the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command, operating as CyberAv3ngers, breached the Municipal Water Authority of Aliquippa, Pennsylvania, and altered the operation of a Unitronics programmable-logic controller managing a booster station. The same group claimed access to additional systems across multiple states. The threat is not theoretical.

The water sector is the most under-resourced segment of the sixteen designated critical-infrastructure sectors. The EPA Office of Inspector General reported in November 2024 that 197 of the nation's largest drinking-water systems carry known cybersecurity vulnerabilities, serving approximately 193 million Americans. Most utilities operate with one or two information-technology staff. None of them were hired to defend against the Ministry of State Security. Water Hawk closes the gap.

190M+

Americans served

By the 197 utilities EPA OIG flagged for known cyber risk, November 2024.

$13B

Annual EPA SDWA investment

Drinking Water State Revolving Fund and related federal water programs.

70K+

Public water systems

EPA Safe Drinking Water Information System national inventory.

How Salian Defense defends water infrastructure

Six capability layers. Same standards as the classified facility.

The defensive capability Salian Defense offers Water Hawk customers is the same capability that protects classified facilities. The layers below are described in plain language; specific implementation, named components, and technical specifications are scoped per engagement under non-disclosure.

How engagements work

The capability layers below are not sold as off-the-shelf products. Each capability is delivered through a scoped engagement that begins with a no-cost briefing with a cleared engineer, proceeds to a written environment-specific scoping document, and ships only after both sides agree on the deliverable, the standards of record, and the price. Adoption is modular: a utility can start with a single layer (most commonly Hardware OT encryption or Threat intelligence fusion) and expand as the relationship matures. The broader posture (verified-vs-in-review on live records, citation discipline on stats, antitrust safeguards on cohort-aggregated outputs) is documented on /trust.

01

Hardware layer

Operational technology encryption at the boundary

Water utility supervisory-control traffic, programmable-logic-controller communication, and remote-terminal-unit telemetry are the most exposed and least defended surfaces in the sector. Engagements at this layer deploy a hardware encryption appliance at the boundary between information-technology and operational-technology networks and at the perimeter of every remote site. The appliance encrypts every TCP and UDP packet at the binary level, with full-system latency that lands inside the operating envelope of standard water-sector control loops (IEC 61850, Modbus over TCP, DNP3). The cipher does not rely on the algebraic structures quantum-decryption algorithms target. The appliance also supports unidirectional traffic enforcement, delivering data-diode behavior with the encryption layer preserved across the boundary. Specific appliance, firmware, and integration detail is scoped per environment.

02

Detection layer

Synthetic content and insider-threat detection

Engagements at this layer install a locally-running analysis capability inside the customer environment with no external data transmission required. It identifies synthetic content, deepfake media, and machine-generated text targeting utility communications, board governance, vendor onboarding, and ratepayer interaction. It performs data-loss prevention across the categories of regulated and sensitive content that govern utility security plans and customer records. Air-gapped deployment is supported. The capability runs on standard enterprise hardware and produces forensic-quality evidence chains suitable for law-enforcement coordination. Integration with the customer's existing security-information-and-event-management platform is part of the engagement scope.

03

Compliance layer

Continuous regulatory posture

Engagements at this layer stand up a continuous-evaluation capability that maps current control implementation against the standards that govern water-sector operation: the Safe Drinking Water Act, the Clean Water Act, America’s Water Infrastructure Act Section 2013, and the EPA cybersecurity guidance. The same engine, deployed inside Salian-managed sensitive-compartmented-information facilities, audits against Intelligence Community Directive 705 in real time; the water-sector deployment is the direct port of that capability. Audit cycles compress from months to days. Remediation priorities arrive as a prioritized backlog rather than as a binder. Mapping to the specific primacy agency, federal contracting vehicle, and operating standard of record is part of the engagement scope.

04

Orchestration layer

Air-gap-native deployment and audit

A managed orchestration plane underpins the defensive stack and allows it to be deployed, updated, monitored, and audited inside customer environments, including environments with no internet connectivity. Configuration drift is detected continuously and every configuration change carries its own audit trail as evidence-as-code. The orchestration plane reduces the operational burden on the small information-technology teams that staff most water utilities; the system runs in the background, and the team is freed to do the work it was hired to do. Whether the orchestration plane is delivered as a standalone deployment or as part of a broader stack engagement is scoped per environment.

05

Cryptographic layer

Post-quantum readiness today

The 2035 National Security Agency Commercial National Security Algorithm Suite 2.0 deadline applies to national security systems, but the same threat surface and the same vendor-migration cost reach the water sector earlier. Salian Defense engagements include post-quantum cryptographic primitives in the deployment plan, so customers who engage now do not face a costly cryptographic migration project later. The migration is the deployment. Which primitives are deployed and how they integrate with existing key-management infrastructure is scoped per environment.

06

Visibility layer

Threat intelligence fusion

The Salian Defense threat-intelligence team aggregates open-source threat reporting, government threat reporting, the Water Information Sharing and Analysis Center alert stream, and the cleared-environment-derived signal that Salian’s classified work generates. The fusion product is delivered to Water Hawk subscribers under the platform’s standard licensing terms. Customers receive the same threat picture that informs Salian’s own classified-facility defense, sanitized for the appropriate handling caveats. This is the most consequential single benefit a non-cleared water-sector operator can obtain. It is included.

Standards alignment

The discipline is documented.

The platform aligns to National Institute of Standards and Technology Special Publication 800-53 Revision 5 at the Moderate baseline as a default, with mappings to the Cybersecurity and Infrastructure Security Agency Cross-Sector Cybersecurity Performance Goals, the American Water Works Association Cybersecurity Guidance and Tool, and the Water Information Sharing and Analysis Center recommended practices. For customers operating in regulated environments, Water Hawk supports the controls-evidence collection required under America's Water Infrastructure Act Section 2013, the Cyber Incident Reporting for Critical Infrastructure Act, and the EPA's January 2024 cybersecurity guidance for the water sector.

Salian Defense's classified-facility work runs under Intelligence Community Directive 705 and its supporting technical specifications. The water-sector engagement applies the same engineering discipline at the standard most relevant to the regulated environment in question. Engagement design always begins with the customer's primacy agency, federal contracting vehicle, and operating standard of record.

How you engage

Three tiers. Real work. Named engineers.

Each tier below is real work, not a service-catalog entry. Each one is delivered by named engineers. Pricing for Tier I is on the pricing page; Tier II and Tier III are scoped per engagement.

I

Tier I · Signal

Water Hawk subscription

Procurement, regulatory, and the threat-intelligence overlay delivered through the Water Hawk platform. Subscribers receive the sanitized threat read alongside the procurement and regulatory surface; the deeper cleared-environment-derived threat detail is delivered through the Salian engagement that follows. A quarterly threat-exposure briefing is available to subscribers on request and shipped on a posted cadence as the engagement queue clears. Annual subscription. Per-seat and per-utility pricing available. Volume discounts for state associations, water-sector trade associations, and engineering firms with multiple operating clients.

See pricing

II

Tier II · Assess

Cyber posture assessment

A bounded, fixed-price engagement in which a cleared engineering team evaluates the customer environment against the standards governing the water sector and the threat models specific to water-utility operational technology. Deliverable includes a written technical assessment, a prioritized remediation backlog, a cost-bounded recommendation for hardening, and a board-ready executive summary. Typical duration six to ten weeks. Available under federal contracting vehicles or direct.

Schedule an assessment

III

Tier III · Protect

Managed defense

Continuous deployment, monitoring, and incident response delivered by cleared engineers with the same standards and discipline used to protect classified facilities. Twenty-four-hour security-operations coverage. Cleared incident-response capacity on call. Hardware encryption appliances deployed at the IT-OT boundary. Continuous compliance-evidence collection. Quarterly executive briefings to utility board, mayor, county commission, and state primacy agency on request. Custom-scoped per engagement; no list price.

Scope a managed engagement

Beyond defense

Defense is the entry point; the broader Salian Defense relationship extends into custom artificial-intelligence integration, custom software, and security engineering for the water sector and the verticals adjacent to it. Each engagement is custom-scoped against the operating environment, the regulatory standard of record, and the customer's existing technology footprint. Pricing is not published; the conversation begins with the work and the standards, not a list price.

Why Salian Defense

The under-defended cousin of the classified facility.

Salian Defense is a Delaware corporation and a certified Service-Disabled Veteran-Owned Small Business. The company builds, accredits, and operates Sensitive Compartmented Information Facilities for the United States intelligence community and the defense industrial base. Its strategic architecture compresses accreditation timelines from the historical twelve-to-twenty-four months to four to six months through a network architecture that connects new facilities to a pre-accredited reference design.

The water sector is the under-defended cousin of the classified facility. The same nation-state actors target both. The same hardware exposures exist in both. The same insider risk exists in both. The difference is the resources available to defend them. The classified facility receives the full weight of the federal cybersecurity and counterintelligence enterprise. The water utility receives a CISA advisory and a phone number. Salian Defense exists, in part, to close that gap. Water Hawk is the operational expression of that intent.

References

Threat reporting we operate against.

The threat picture above is grounded in published government reporting. Water Hawk customers receive the unsanitized synthesis. The public references below are the floor, not the ceiling, of what the platform tracks.

  • CISA, FBI, NSA. Joint Advisory AA24-038A. February 7, 2024.

    PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Confirms that the Volt Typhoon threat actor has pre-positioned access on United States water and wastewater systems for purposes of disruption or destruction during a future conflict.

  • CISA. AA23-335A. November 30, 2023.

    IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities. Documents the CyberAv3ngers campaign against Unitronics PLCs, including the Aliquippa, Pennsylvania incident.

  • EPA Office of Inspector General. November 2024.

    Management Implication Report on Cybersecurity Concerns at Drinking Water Systems. Identifies 197 large drinking water systems with known cybersecurity vulnerabilities, serving approximately 193 million Americans.

  • EPA. Cybersecurity Guidance for the Water Sector. January 2024.

    Directs the integration of cybersecurity into the Sanitary Survey program and provides technical implementation guidance for Section 1433 of the Safe Drinking Water Act and Section 2013 of America’s Water Infrastructure Act.

  • WaterISAC. The Fifteen Cybersecurity Fundamentals for Water and Wastewater Utilities.

    Water Information Sharing and Analysis Center foundational guidance. Water Hawk maps customer posture against every one of the fifteen fundamentals.

Begin

The first conversation is sixty minutes.

A cleared engineer is in the room. The agenda is your environment, your concerns, and the threat reporting that applies to you. There is no marketing pitch and no sales process. If you do not want a second conversation, there will not be one.

Schedule a briefingRead the Q2 water security quarterly