Cybersecurity

PWS Cybersecurity

Cybersecurity is one of the top threats facing business and critical infrastructure in the United States. All drinking water systems should examine cybersecurity vulnerabilities and develop a cybersecurity risk management program, thus mitigating a cyberattack from impacting system operations. Breaches in cybersecurity practices can compromise the ability of drinking water utilities to provide clean and safe drinking water to customers, erode customer confidence and result in financial and legal liabilities.

Cybersecurity Assessments

Public water systems should conduct a cybersecurity assessment to identify gaps in cybersecurity practices. EPA and CISA are currently offering free cybersecurity assessments and technical assistance to drinking water utilities.

The EPA cybersecurity assessment tool can be obtained through the EPA Water Sector Cybersecurity Evaluation Program website

Cybersecurity & Infrastructure Security Agency (CISA) information can be found at the CISA Cyber Resource Hub

General Cybersecurity Tips

Reduce exposure to the public-facing internet
Conduct regular cybersecurity assessments
Train staff on cybersecurity awareness and best practices
Learn to identify malicious emails, ransomware, and phishing
Use strong passwords and multi-factor authentication, change default passwords immediately
Keep computers and other devices software updated to the latest version
Create an inventory of Operational Technology/Information Technology devices, software, networks, and the people who have access to them
Backup OT/IT systems
Include cyber-attacks and recovery in your Emergency Response Plan, and practice responding to a cyber incident
Reduce exposure to vulnerabilities

Division of Environmental Health Drinking Water Program

PWS Cybersecurity

Cybersecurity Assessments

General Cybersecurity Tips

Additional Cybersecurity Resources