Resilience for water, transport & building systems
Faction delivers enterprise-grade Zero Trust at a fraction of the cost of Enterprise SDN or ZTNA — protecting your vulnerable OT & IoT, data, and communications without rip-and-replace
Water, transportation, and building systems depend on operational technology that was never designed for an internet-connected world — and often run by lean teams with tight budgets. Faction brings these systems into an owner-controlled network without disrupting the services people rely on.
These systems are a deliberate target. State-sponsored actors — the campaign known as Volt Typhoon — have pre-positioned inside U.S. water, pipeline, and transportation networks so they can disrupt essential services in a crisis. The FCC has determined that foreign-made routers pose an unacceptable national-security risk, and many are already in these networks.
Service disruption
Water, transport, and building systems knocked offline — with real public consequences.
Public safety
When essential services fail, the impact reaches people directly.
Recovery costs
Incident response and replacement a lean operation can't easily absorb.
Regulatory exposure
Sector security requirements carry real accountability for operators.
Networking
- Control systems that must stay connected — and are reachable from the public internet today
- The 'living off the land' paths nation-state actors use to hide in normal traffic
- Foreign-made networking hardware now flagged as a national-security risk, already on-site
- Secure coordination across the operators and vendors who run the systems
Devices
- Decades-old PLCs, RTUs, and controllers that can't be patched
- Sensors and field devices across distributed sites
- Everyday smart hardware — printers, cameras, UPS — used as a way in
- Cloud application servers that control field devices
Data
- Operational data and telemetry that can be manipulated in transit
- Communications between the parties that operate the systems
- Records compliance requires you to store and share
- Data downloaded onto vendor and staff BYOD devices
Virtual Private Circuit (VPC)
Take controllers, sensors, and the application servers that manage them off the public internet into a circuit only you can see and reach — then segment and micro-segment it with Groups, so essential systems stay isolated.
- Sites, controls, and operations on one circuit
- Essential systems reachable only from inside
- Identity-based access between segments
- No shared cloud control plane to compromise
Owner-Held Keys & Zero Knowledge
Encryption keys are created and held by the operator and never leave your devices. Faction routes traffic but has no access to what you protect.
- Operational data encrypted end to end
- Keys stay with the operator
- Encrypted in transit and at rest
- No vendor in your trust path
Zero Trust, Identity-Based Access
Every user and device is authenticated and authorized; nothing anonymous can reach the circuit. Scope and revoke access for the vendors who touch field systems.
- Out-of-band Zero Trust authentication
- Time-limited, scoped vendor access with audit trails
- Step-up to verified human identity (iValt, roadmap)
- No anonymous movement on the network
Cyber-Assured Hardware — Pods & Portals
Faction's own purpose-built, Cyber-Assured networking hardware brings controllers and legacy systems into the circuit with no agent — and is trusted hardware by design, a direct answer to the foreign hardware now flagged by the FCC.
- Reach controllers, sensors, and field gear
- No agent, no patching of the device
- US-made, independently source-inspected
- Built for distributed, unmanned sites
Encrypted Data & Ransomware-Proof Backup
The Faction Data Security Suite keeps files, email, and media encrypted under your keys — and backs them up where only you can decrypt them.
- Keep the email and cloud tools teams already use
- Every file encrypted under your own keys
- Owner-keyed backup that can't be ransomed
- Share with partners without exposing operations
Factionize your infrastructure — don't rip and replace it
What about the foreign-made routers on the FCC's Covered List, or the decades-old controllers running essential services that can't simply be retired? Ripping out and replacing infrastructure that delivers public services is slow, expensive, and disruptive.
Factionizing is the faster, lower-cost path. Faction services and software secure the systems you already run — and replace only what genuinely can't be secured — bringing essential infrastructure to a Zero Trust, Cyber-Assured state with minimal disruption.
- Secure existing networking hardware in place rather than replacing it.
- Replace only what can't be brought up to standard — with Cyber-Assured Pods & Portals.
- No rip-and-replace project and no service interruption.
- Reach Zero Trust on your timeline and budget.
Supports your security mandates
Cryptographic isolation, owner-held keys, and identity-based access map to the frameworks critical-infrastructure operators answer to — applied to the OT and legacy systems traditional tools can't reach.
Cross-Sector Cybersecurity Performance Goals — segmentation, access control, and asset isolation by design.
Identify, Protect, and Detect functions supported by an owner-controlled architecture.
Identity-based, least-privilege access; nothing anonymous reaches a control system.
Full, scoped logs of who and what reached each system.
Scope and time-limit access for vendors and integrators, with audit trails.
Foreign-made routers pose clear risks and must be phased out. Factionize or drop in Pods & Portals to mitigate — without rip & replace.
Own your trust. Keep your peace of mind.
The new threat environment calls for a new Zero Trust model. We'd welcome the chance to show you how Faction puts you in control and secures your critical systems and assets rapidly with low cost and IT overhead.