PWS Cybersecurity
Cybersecurity is one of the top threats facing business and critical infrastructure in the United States. All drinking water systems should examine cybersecurity vulnerabilities and develop a cybersecurity risk management program, thus mitigating a cyberattack from impacting system operations. Breaches in cybersecurity practices can compromise the ability of drinking water utilities to provide clean and safe drinking water to customers, erode customer confidence and result in financial and legal liabilities.
Cybersecurity Assessments
Public water systems should conduct a cybersecurity assessment to identify gaps in cybersecurity practices. EPA and CISA are currently offering free cybersecurity assessments and technical assistance to drinking water utilities.
EPA developed a cybersecurity assessment tool that PWS can use to complete a self-assessment or information can be requested on the EPA Water Sector Cybersecurity Evaluation Program website. The State of Alaska Homeland Security also offers a Cybersecurity Vulnerability Assessment for critical infrastructure. Information can be found at the DHS & EM Cyber Security Vulnerability Assessment webpage.
Cybersecurity & Infrastructure Security Agency (CISA) information can be found at the CISA Cyber Resource Hub
General Cybersecurity Tips
- Reduce exposure to the public-facing internet
- Conduct regular cybersecurity assessments
- Train staff on cybersecurity awareness and best practices
- Learn to identify malicious emails, ransomware, and phishing
- Use strong passwords and multi-factor authentication, change default passwords immediately
- Keep computers and other devices software updated to the latest version
- Create an inventory of Operational Technology/Information Technology devices, software, networks, and the people who have access to them
- Backup OT/IT systems
- Include cyber-attacks and recovery in your Emergency Response Plan, and practice responding to a cyber incident
- Reduce exposure to vulnerabilities
Additional Cybersecurity Resources
- Fact Sheet: EPA's Cybersecurity Resources for Drinking Water and Wastewater Systems
- Top Cyber Actions for Securing Water Systems
- EPA Cybersecurity for the Water Sector
- American Water Works Association - Cybersecurity & Guidance
- WaterISAC - 15 Cybersecurity Fundamentals for Water and Wastewater Utilities