Cybersecurity & Guidance

AWWA Resources on Cybersecurity 

Cybersecurity is the top threat facing business and critical infrastructure in the United States, according to reports and testimony from the Director of National Intelligence, the Federal Bureau of Investigation and the Department of Homeland Security. All water systems should act to examine cybersecurity vulnerabilities and develop a cybersecurity risk management program.

AWWA is offering free Cybersecurity workshops specifically targeted towards small systems attendees. Learn more.

Related Resources

Risk & Resilience



AWWA recently commissioned a report that explores industry-led regulatory options to support water sector cyber resilience, including the option of creating industry-wide cyber standards with oversight from a federal body, similar to what exists within the energy sector.


AWWA’s Cybersecurity Guidance and Assessment Tool have been updated and revised to maintain alignment with the NIST Cybersecurity Framework and Section 2013 of America’s Water Infrastructure Act (AWIA) of 2018. Collectively these resources provide the water sector with a voluntary, sector-specific approach for implementing applicable cybersecurity controls and recommendation. AWIA requires all community water systems serving a population of 3,300 or more to consider cybersecurity threats as part of a risk and resilience assessment and emergency response plan. AWWA’s Cybersecurity Guidance and Assessment Tool have been recognized by the USEPA, DHS, NIST and several states for aiding water systems in evaluating cybersecurity risks.

Cybersecurity requires a commitment to action as part of an all-hazards risk management strategy as recommended in ANSI/AWWA G430: Security Practices for Operations and Management. The AWWA Cybersecurity Guidance and Assessment Tool are living documents, and it is expected that further revisions and enhancements will be implemented based on input from users. In addition, AWWA’s Cybersecurity Risk & Responsibility in the Water Sector resource provides important legal and risk management insights that utility leaders and decision makers should take under advisement relative to integrating cybersecurity into their enterprise risk management process.

Training on the Guidance and Assessment Tool is part of the Utility Risk & Resilience Certificate Program or can be accessed independently. AWWA Sections also have the option to host in-person trainings on these cybersecurity resources by request.



Didn't find what you are looking for? Please contact us at