Recent Breaches
Breaches
2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2026HertzUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026NHS ScotlandUndisclosed stolenUndisclosed records stolen2026HertzUndisclosed stolenUndisclosed records stolen2025Marks & Spencer9.4M stolen9.4M records stolen2025PayPal35K stolen35K records stolen2025Jaguar Land RoverUndisclosed stolenUndisclosed records stolen2025Co-operative GroupUndisclosed stolenUndisclosed records stolen2024National Public Data2.9B stolen2.9B records stolen2026PowerSchool62.4M stolen62.4M records stolen2026DISA Global Solutions3.3M stolen3.3M records stolen2026Globe Life850K stolen850K records stolen
View All →
Firebreak for Water Playbook

Firebreak for Water
Control the path. Protect the supply.

A 28-page adoption and deployment playbook for water boards, CISOs, OT leaders and network architects, Layer 1 physical path control mapped against the Purdue model.

28 pages
22 min read
Water boards and executive teams
Firebreak for Water: Adoption & Deployment Playbook cover

Get the playbook

Emailed to you within a minute

Email-gated GDPR compliant

Foreword

The water sector's connectivity story has been written by convenience, not by design. Remote sites, third-party support, engineering tools and telemetry now share paths that were never intended to carry them. The Firebreak for Water Playbook is a practical response: it explains, in plain language, how Layer 1 physical path control complements existing firewalls and segmentation, where it belongs on the Purdue model, and how a water operator can pilot and scale it without ripping up what already works. It is written for the boards, CISOs, OT leaders and architects who now have to prove, to regulators and to themselves, that connectivity choices are intentional.

Mark Fermor · Co-Founder, Firevault
David Bailey · Co-Founder, Firevault

What's inside

6 parts. Written for the people who own the decision.

Each chapter opens with the decision it exists to help you make, and closes with the evidence you should expect back.

01

The water-sector control problem

Why standing connectivity, third-party access and operational consequence sit at the heart of water cyber resilience.

  • Convenience connectivity is now a systemic risk
  • Physical path control is missing from most reference architectures
02

What Firebreak is

A plain-English explanation of Layer 1 physical path control and how it complements, never replaces, firewalls, segmentation and monitoring.

  • Firebreak sits below the firewall, not beside it
  • The path either exists or it does not, no software override
03

Control blueprint for water

From bridge to controlled exchange. Where Firebreak Control modules sit across Purdue levels 0–3.5 and the IT/OT boundary.

  • A defensible reference architecture for OT engineering
  • Clear ownership boundaries between IT and OT
04

Deployment use cases

IT/OT boundary, SCADA protection, supplier access, remote sites, legacy systems, isolation and recovery, six patterns end-to-end.

  • Each use case maps to a named Control module
  • Every pattern includes an evidence trail for regulators
05

Adoption model

Ownership, selection and command design: who decides the path, who opens it, and how the evidence is captured.

  • Path decisions become auditable events
  • Ownership sits with operations, not the supplier
06

Pilot to rollout

Four steps from assessment to company-wide deployment, with a pilot acceptance pack the board can sign off.

  • A pilot is judged on reach, authority, evidence and recovery
  • Rollout is staged by consequence, not geography

Who it's for

Read it if you're accountable for the decision.

  • Water boards and executive teams
  • CISOs and heads of OT security
  • Network and control-system architects
  • Regulators and CNI programme leads

Sectors we hear from

Water & wastewaterEnergy & utilitiesCritical national infrastructureGovernment & defence

A look inside

Real pages from the playbook.

A short preview of what lands in your inbox.

Firebreak for Water: Adoption & Deployment Playbook preview, Standing connectivity
Standing connectivity Full page in playbook
Firebreak for Water: Adoption & Deployment Playbook preview, Physical vs logical control
Physical vs logical control Full page in playbook
Firebreak for Water: Adoption & Deployment Playbook preview, IT / OT boundary
IT / OT boundary Full page in playbook
Firebreak for Water: Adoption & Deployment Playbook preview, Isolation and recovery
Isolation and recovery Full page in playbook

Frequently asked

Questions leaders ask before requesting.

Something else on your mind? Reply to any Firevault email or write to mark@fire-vault.com.

More Firevault playbooks

Board-level control blueprints.

Each playbook is written for the people who own the decision, practical, UK-grounded and free to request.

Ready to read it?

Request Firebreak for Water. It lands in your inbox within a minute, tied to your email address. No download, no fuss.

    Your privacy matters

    We use cookies to keep the site running smoothly and to understand how you use it. You are in control. Privacy Charter · Cookie Policy