Cybersecurity

Cybersecurity is the top threat facing business and critical infrastructure in the United States, according to reports and testimony from the Director of National Intelligence, the Federal Bureau of Investigation and the Department of Homeland Security. All water systems should act to examine cybersecurity vulnerabilities and develop a cybersecurity risk management program. Cyber-attacks on water utility business enterprise or process control systems can cause significant harm, such as:

Upset treatment and conveyance processes by opening and closing valves, overriding alarms or disabling pumps or other equipment;
Deface the utility’s website or compromise the email system;
Steal customers’ personal data or credit card information from the utility’s billing system; and
Install malicious programs like ransomware, which can disable business enterprise or process control operations.

These attacks can: compromise the ability of water utilities to provide clean and safe water to customers, erode customer confidence, and result in financial and legal liabilities.” Resources are here available to help you develop a cybersecurity prevention and response plan.

SAN and NIST websites have a wealth of information system security policies and templates that may help IT Managers develop their plans and policies.

EPA Cybersecurity Best Practices for the Water Sector

https://www.epa.gov/waterriskassessment/epa-cybersecurity-best-practices-water-sector
Incident Action Checklists for Water Utilities - https://www.epa.gov/waterutilityresponse/incident-action-checklists-water-utilities

EPA Emergency Response Plan Templates

https://www.epa.gov/waterutilityresponse/develop-or-update-emergency-response-plan
- ERP Template and Instructions for Drinking Water Utilities
- ERP Template and Instructions for Wastewater Utilities AWWA Resources on Cybersecurity
https://www.awwa.org/Resources-Tools/Resource-Topics/Risk-Resilience/Cybersecurity-Guidance

Connecticut State Department of Public Health

Cybersecurity