Cybersecurity is the top threat facing business and critical infrastructure in the United States, according to reports and testimony from the Director of National Intelligence, the Federal Bureau of Investigation and the Department of Homeland Security. All water systems should act to examine cybersecurity vulnerabilities and develop a cybersecurity risk management program.
AWWA is offering free Cybersecurity workshops specifically targeted towards small systems attendees. Learn more.
Risk & Resilience
AWWA’s Cybersecurity Guidance and Assessment Tool have been updated and revised to maintain alignment with the NIST Cybersecurity Framework and Section 2013 of America’s Water Infrastructure Act (AWIA) of 2018. Collectively these resources provide the water sector with a voluntary, sector-specific approach for implementing applicable cybersecurity controls and recommendation. AWIA requires all community water systems serving a population of 3,300 or more to consider cybersecurity threats as part of a risk and resilience assessment and emergency response plan. AWWA’s Cybersecurity Guidance and Assessment Tool have been recognized by the USEPA, DHS, NIST and several states for aiding water systems in evaluating cybersecurity risks.
Cybersecurity requires a commitment to action as part of an all-hazards risk management strategy as recommended in ANSI/AWWA G430: Security Practices for Operations and Management. The AWWA Cybersecurity Guidance and Assessment Tool are living documents, and it is expected that further revisions and enhancements will be implemented based on input from users. In addition, AWWA’s Cybersecurity Risk & Responsibility in the Water Sector resource provides important legal and risk management insights that utility leaders and decision makers should take under advisement relative to integrating cybersecurity into their enterprise risk management process.
Training on the Guidance and Assessment Tool is part of the Utility Risk & Resilience Certificate Program or can be accessed independently. AWWA Sections also have the option to host in-person trainings on these cybersecurity resources by request.
Didn't find what you are looking for? Please contact us at firstname.lastname@example.org