Cybersecurity
Cybersecurity is the top threat facing business and critical infrastructure in the United States, according to reports and testimony from the Director of National Intelligence, the Federal Bureau of Investigation and the Department of Homeland Security. All water systems should act to examine cybersecurity vulnerabilities and develop a cybersecurity risk management program. Cyber-attacks on water utility business enterprise or process control systems can cause significant harm, such as:- Upset treatment and conveyance processes by opening and closing valves, overriding alarms or disabling pumps or other equipment;
- Deface the utility’s website or compromise the email system;
- Steal customers’ personal data or credit card information from the utility’s billing system; and
- Install malicious programs like ransomware, which can disable business enterprise or process control operations.
- CT DPH - Cybersecurity Self-Assessment Checklist for PWS
- EPA Cybersecurity Guide for States
- EPA Cybersecurity Incident Action Checklist
EPA Cybersecurity Best Practices for the Water Sector
- https://www.epa.gov/waterriskassessment/epa-cybersecurity-best-practices-water-sector
- Incident Action Checklists for Water Utilities - https://www.epa.gov/waterutilityresponse/incident-action-checklists-water-utilities
EPA Emergency Response Plan Templates
- https://www.epa.gov/waterutilityresponse/develop-or-update-emergency-response-plan
- https://www.awwa.org/Resources-Tools/Resource-Topics/Risk-Resilience/Cybersecurity-Guidance