SMT and Splunk provide more insight into the entire network of Rijkswaterstaat

The government organization Rijkswaterstaat is responsible for the management of the major (water) ways in the Netherlands. It is an extensive task in which IT systems and security are crucial to performance. To minimize or even prevent downtime on the road and overdue maintenance, vulnerabilities in the IT environment are constantly monitored.

Cybersecurity has always been high on the agenda for Rijkswaterstaat. This led to the establishment of a Security Operations Centre, with which the frameworks for further professionalizing cybersecurity were laid down. After extensive research into various products, Splunk was chosen. Erik de Kruif, Product Owner Monitoring at Rijkswaterstaat, has set up a Splunk environment in collaboration with SMT to unlock data that can be used for monitoring the performance and safety of Rijkswaterstaat systems.

From challenge to execution

In collaboration with SMT, a Splunk environment was set up. The platform expanded constantly and data was added. “When we started using Splunk, we met certain needs,” says Erik de Kruif. “The insights we created with the platform led to follow-up questions. Then we started thinking: ‘what else can we do?’ The growth path went very quickly.”

“Based on the demand from the Security Center to gain more, larger and better insight into the entire network of Rijkswaterstaat, we gradually started to unlock more and more data in Splunk,” Erik de Kruif continues. “Many use cases have been written for that.”

Why SMT?

“For us as a client, there is not much to choose from on the market. The supply is scarce. Yet, we still wanted the best in the market. Before we started, we had a lot of conversations with SMT and we gradually gained confidence in their quality.” Within the extensive organization of Rijkswaterstaat, with all of its internal stakeholders, it is important to listen to wishes on all levels. “We chose the best people for this project. Each and every one of them can work independently, has good professional skills, understands the process and creates the best solutions.”

“Splunk-wizards that contributed immensely to the project and made our team stronger.”

Erik de Kruif

The bigger picture and internal stakeholders

Splunk is used in two ways within Rijkswaterstaat. The Security Center oversees everything and unlocks data from the most important and critical systems within the entire organization, spread across the country.

The monitoring team ensures that the foundation of the Splunk platform is in place. That way internal stakeholders, such as the security operations center and the traffic management department, have the freedom to determine what web interface they want within the Splunk frameworks. “Do we need to monitor certain applications? Then data has to be unlocked and an alarm is set on which the team can act.” That way, Splunk became integrated throughout the organization.

A lot improved

Splunk is becoming more and more intertwined throughout the organization. It offers the possibility to oversee the entire chain and to intervene in time. Downtime is reduced by a large factor.

If there is a need for monitoring, it’s increasingly being executed by Splunk. “Take tunnels, for example. Closing a tunnel leads to enormous problems. There are multiple systems and separate components. By visualizing the chain, we create a better and more complete image of the status. Through monitoring and dashboarding, we quickly see where action is needed, preferably even before the issue occurs. The impact is enormous, because the closure of a tunnel has a major economic impact.”

Willingness

“Whether or not the investment in Splunk pays out is not always clear from the get-go. The platform has a lot of possibilities, but the storage and processing of data requires more capacity, in which we had to invest as well. The thing that counts for Rijkswaterstaat is: What are the results? In our case, society has to profit from the investment. In our case, it is more than worth it.”