Water and Wastewater Cybersecurity
Dear Water and Wastewater Members,
As you navigate the challenges of managing water infrastructure, SDAO wants to emphasize the critical importance of cybersecurity. Water systems are increasingly complex and protecting them against cyber threats is paramount.
The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS). Its mission is to safeguard the nation’s critical infrastructure by coordinating cybersecurity efforts, protecting against cyber threats, and improving resilience. CISA provides resources to protect water and wastewater systems against cyber threats. Go to the CISA Water and Wastewater Cybersecurity page to find more information on the following:
Water and Wastewater Cybersecurity Toolkit:
- Developed by CISA and the Environmental Protection Agency (EPA).
- Highlights relevant resources for water systems’ cybersecurity.
- Includes fundamental cyber hygiene steps and advanced tools to strengthen defenses.
Free Cyber Vulnerability Scanning:
- CISA offers free vulnerability scanning for water utilities.
- Helps identify and address vulnerabilities in digital systems.
EPA Water Resilience Cybersecurity Help Desk:
- Available 24/7.
- Provides guidance on preventing, detecting, responding to, and recovering from cyber incidents.
Free Cybersecurity Assessment Service:
- EPA conducts free cyber assessments for drinking water and wastewater utilities.
- Uses EPA’s Cybersecurity Checklist derived from CISA’s guidelines.
CISA Region 10 is hosting monthly water sector cybersecurity webinars for water and wastewater districts. The webinar is crucial for water infrastructure owners, operators, and representatives in preparing for a potential “entity notification” and helping the nation get ahead of the water sector cyber threats.
Each webinar will provide:
- An introduction of key federal, state, and local partners who work jointly with CISA to help complete cybersecurity self-assessment.
- The Cyber Security Evaluation Tool (CSET) provides a systematic, disciplined, and repeatable approach for evaluating an organization’s security posture. CSET is a desktop software tool that guides asset owners and operators through a step-by-step process to evaluate industrial control system (ICS).
- Live Demonstration of the Readiness Ransomware Assessment and Cybersecurity Performance Goals Assessment.
- Discussion on the Incident Management Review process and how to complete multiple self-assessments.
- Real world cyber insights from CISA security advisors.
- An interactive Q&A session to address your state specific and general questions for CISA Region 10.
Learn more and view registration links (PDF)
Remember, safeguarding water infrastructure is crucial for public safety and resilience. Let’s prioritize cybersecurity to protect our communities and maintain public trust.