Resilience for water, transport & building systems

Faction delivers enterprise-grade Zero Trust at a fraction of the cost of Enterprise SDN or ZTNA — protecting your vulnerable OT & IoT, data, and communications without rip-and-replace.

Water, transportation, and building systems depend on operational technology that was never designed for an internet-connected world — and is often run by lean teams with tight budgets. Faction brings these systems into an owner-controlled network without disrupting the services people rely on.

Do You Know Your True Risk?

These systems are a deliberate target. State-sponsored actors — the campaign known as Volt Typhoon — have pre-positioned inside U.S. water, pipeline, and transportation networks so they can disrupt essential services in a crisis. The FCC has determined that foreign-made routers pose an unacceptable national-security risk, and many are already in these networks.

Why it matters now

  • Pre-positioned: State-sponsored actors have embedded in U.S. water, pipeline, and transportation networks (CISA / NSA joint advisory, 2024)
  • Uninsurable: Since 2022, major insurers have moved to exclude nation-state cyberattacks from standard policies (Lloyd's of London / market reporting)
  • “Fair game”: The FBI warns the PRC treats every sector that makes society run as a target (FBI, April 2024)

A single breach reaches far

Service disruption

Water, transport, and building systems knocked offline — with real public consequences.

Public safety

When essential services fail, the impact reaches people directly.

Recovery costs

Incident response and replacement a lean operation can't easily absorb.

Regulatory exposure

Sector security requirements carry real accountability for operators.

Where the risk lives

Networking

  • Control systems that must stay connected — and are reachable from the public internet today
  • The 'living off the land' paths nation-state actors use to hide in normal traffic
  • Foreign-made networking hardware now flagged as a national-security risk, already on-site
  • Secure coordination across the operators and vendors who run the systems

Devices

  • Decades-old PLCs, RTUs, and controllers that can't be patched
  • Sensors and field devices across distributed sites
  • Everyday smart hardware — printers, cameras, UPS — used as a way in
  • Cloud application servers that control field devices

Data

  • Operational data and telemetry that can be manipulated in transit
  • Communications between the parties that operate the systems
  • Records compliance requires you to store and share
  • Data downloaded onto vendor and staff BYOD devices

How Faction secures critical infrastructure

01 · Virtual Private Circuit (VPC)

Take controllers, sensors, and the application servers that manage them off the public internet into a circuit only you can see and reach — then segment and micro-segment it with Groups, so essential systems stay isolated.

  • Sites, controls, and operations on one circuit
  • Essential systems reachable only from inside
  • Identity-based access between segments
  • No shared cloud control plane to compromise

02 · Owner-Held Keys & Zero Knowledge

Encryption keys are created and held by the operator and never leave your devices. Faction routes traffic but has no access to what you protect.

  • Operational data encrypted end to end
  • Keys stay with the operator
  • Encrypted in transit and at rest
  • No vendor in your trust path

03 · Zero Trust, Identity-Based Access

Every user and device is authenticated and authorized; nothing anonymous can reach the circuit. Scope and revoke access for the vendors who touch field systems.

  • Out-of-band Zero Trust authentication
  • Time-limited, scoped vendor access with audit trails
  • Step-up to verified human identity (iValt, roadmap)
  • No anonymous movement on the network

04 · Cyber-Assured Hardware — Pods & Portals

Faction's own purpose-built, Cyber-Assured networking hardware brings controllers and legacy systems into the circuit with no agent — and is trusted hardware by design, a direct answer to the foreign hardware now flagged by the FCC.

  • Reach controllers, sensors, and field gear
  • No agent, no patching of the device
  • US-made, independently source-inspected
  • Built for distributed, unmanned sites

Protects: SCADA and control systems, PLCs and RTUs, building-management systems, and safety-instrumented systems

05 · Encrypted Data & Ransomware-Proof Backup

The Faction Data Security Suite keeps files, email, and media encrypted under your keys — and backs them up where only you can decrypt them.

  • Keep the email and cloud tools teams already use
  • Every file encrypted under your own keys
  • Owner-keyed backup that can't be ransomed
  • Share with partners without exposing operations

Factionize your infrastructure — don't rip and replace it

What about the foreign-made routers on the FCC's Covered List, or the decades-old controllers running essential services that can't simply be retired? Ripping out and replacing infrastructure that delivers public services is slow, expensive, and disruptive.

Factionizing is the faster, lower-cost path. Faction services and software secure the systems you already run — and replace only what genuinely can't be secured — bringing essential infrastructure to a Zero Trust, Cyber-Assured state with minimal disruption.

  • Secure existing networking hardware in place rather than replacing it.
  • Replace only what can't be brought up to standard — with Cyber-Assured Pods & Portals.
  • No rip-and-replace project and no service interruption.
  • Reach Zero Trust on your timeline and budget.

Supports your security mandates

Cryptographic isolation, owner-held keys, and identity-based access map to the frameworks critical-infrastructure operators answer to — applied to the OT and legacy systems traditional tools can't reach.

CISA CPGs

Cross-Sector Cybersecurity Performance Goals — segmentation, access control, and asset isolation by design.

NIST CSF

Identify, Protect, and Detect functions supported by an owner-controlled architecture.

Access Control

Identity-based, least-privilege access; nothing anonymous reaches a control system.

Audit & Accountability

Full, scoped logs of who and what reached each system.

Supply-Chain Risk

Scope and time-limit access for vendors and integrators, with audit trails.

FCC Router Mandate

Foreign-made routers pose clear risks and must be phased out. Factionize or drop in Pods & Portals to mitigate — without rip & replace.

Take action

With state-sponsored actors pre-positioned in U.S. critical infrastructure, the time to act is now. Faction lets you adopt owner-controlled Zero Trust rapidly and affordably across the OT and legacy systems that run essential services. Contact us for a consultation tailored to your operations.