Water utilities have become one of the most targeted critical infrastructure sectors in the United States. Since 2023, Iranian-linked CyberAv3ngers, Russian-affiliated groups, and Chinese state actors have successfully attacked municipal water systems across Texas, Pennsylvania, Massachusetts, and beyond. A joint FBI/CISA/EPA advisory in April 2026 confirmed that direct manipulation of water facility control systems is now an active, ongoing threat.
But cyber is only half the story. Water infrastructure is uniquely exposed to physical threats: distributed pump stations, remote intake facilities, water towers, and treatment plants spread across wide service areas, often with minimal on-site staffing and aging access control.
Keys get copied. Badges get shared. PIN codes get written down. A stolen credential can open a door that leads directly to chemical dosing systems, SCADA terminals, or distribution valves—turning a physical breach into a public health event.
This QuickChat will explore why identity-based access control—using face recognition as the credential itself—is emerging as the most effective way to close the physical-access gap in a multi-threat environment. We'll discuss why a face cannot be lost, shared, or cloned; how sub-second biometric verification with liveness detection defeats the most common intrusion tactics; how remote, consent-based enrollment simplifies credential management across distributed facilities; and how face-first access aligns with the zero-trust principles the cyber side of utility security has already embraced.
The goal is to give utility decision-makers a clear, practical framework for evaluating where face recognition fits in a modern, defense-in-depth security posture.
Learn more at Salto.US and Salto XS4 Face.
Timestamps
- 0:56 | From your perspective, where are utilities most exposed right now, and what role does physical access control play in that bigger picture?
- 2:05 | Traditional access control in the water sector relies heavily on keys, proximity cards, and PIN codes. What are the specific failure modes of those credentials in a utility environment, and why have they become a liability rather than a safeguard?
- 4:21 | Face recognition has moved from novelty to mainstream in a lot of industries. What makes it specifically well-suited to the operational realities of water utilities—distributed sites, small teams, regulatory scrutiny, and the need for auditable access?
- 6:15 | How does a modern face recognition access system handle enrollment, consent, and data protection in a way that satisfies both regulators and the public?
- 7:51 | The cybersecurity side of water utility security has embraced zero-trust principles—verify every user, every time. How does face-based identity verification bring that same philosophy to physical access, and what does real IT/OT/physical convergence actually look like on the ground?
- 8:57 | Which facilities or access points should they consider prioritizing, and what should they realistically expect in terms of deployment, integration with existing systems, and return on investment?
This content is sponsored by:
