Secure and Resilient Utility

Cybersecurity & Guidance

cybersecurity-guidance-image
image

Resource Topics

Cybersecurity & Guidance

Page Content

Cybersecurity is the top threat facing business and critical infrastructure in the United States, according to reports and testimony from the Director of National Intelligence, the Federal Bureau of Investigation and the Department of Homeland Security. All water systems should act to examine cybersecurity vulnerabilities and develop a cybersecurity risk management program.

News

Cybersecurity News

AWWA UPDATE: U.S. House representatives introduce legislation supporting a collaborative approach to cybersecurity

Legislation that supports AWWA’s recommendation for a collaborative approach to cybersecurity in the water sector was introduced in the U.S. House of Representatives. Spearheaded by Reps. Rick Crawford (R-AR) and John Duarte (R-CA), H.R. 7922 authorizes an independent, non-federal entity to lead the development of cybersecurity requirements in the sector.

“Foreign adversaries such as Russia and China have utilized cyber-attacks to target critical infrastructure such as water systems. This bill is a more proactive approach to safeguarding our drinking and wastewater from these types of attacks. These protections are vital at a time where cyber threats are constant and technology is evolving quickly,” Rep. Crawford said.

“With the constant threat of cyberattacks by our adversaries, the United States’ water infrastructure must be secured and defended properly,” Rep. Duarte said. “I am proud to help lead this crucial legislation with Rep. Crawford to ensure that our wastewater and drinking water systems are adequately prepared to deal with potential cybersecurity threats.”

“Strong and effective cybersecurity oversight is critical for the water sector,” said American Water Works Association CEO David LaFrance. “Reps. Crawford and Duarte’s vision for a collaborative model that leverages the knowledge of the sector is the right approach for protecting water utilities from cyber-attacks.”

This WRRO leverages the technical knowledge of utilities, cybersecurity experts and regulators to implement a comprehensive cybersecurity risk management strategy. Federal oversight and approval of requirements would be provided by the U.S. Environmental Protection Agency, which already regulates drinking water and wastewater utility operations.

The proposed collaborative approach builds on a similar model that has already been successfully applied in the electric sector. The recommendation also aligns with calls for greater public-private collaboration included in the National Cyber Strategy.

AWWA has prepared a summary of the major bill provisions.

About

Cybersecurity: What Water Utility Leaders & Professionals Should Know

Cybersecurity is now a mission-critical function for water utilities. AWWA has developed a robust suite of guidance to help water utilities understand policies, comply with requirements and implement best practices.

To suggest updates and clarifications to this information, please email Kevin Morley, AWWA manager of federal relations, at kmorley@awwa.org.

Cybersecurity Oversight Options Explored

AWWA commissioned a report that explores industry-led regulatory options to support water sector cyber resilience, including the option of creating industry-wide cyber standards with oversight from a federal body, similar to what exists within the energy sector.

CISA Shields-Up Campaign

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urges everyone to protect themselves online and adopt a heightened posture when it comes to security. CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber attacks.

Advertisement

Tool

AWWA Cybersecurity Assessment Tool & Guidance

Are you a community water system or do you support community water systems? If so, federal legislation requires systems serving 3,300 or more persons to consider cybersecurity threats in your risk and resilience assessment, as well as in your emergency response plan. This may sound daunting, but AWWA is here to help systems of all sizes.

Planning Resources

AWWA has developed some essential planning resources to start water utilities on the path to cyber-resilience. They are designed to help you clarify your utility’s exposure to cyber risks, set priorities, and execute an appropriate and proactive cybersecurity strategy.

  1. START HERE: Water Sector Cybersecurity Risk Management Guidance. Practical, step-by-step guidance from AWWA for protecting process control systems used by the water sector from cyberattacks. Following this guidance saves time and yields more comprehensive, accurate and actionable recommendations from the Assessment Tool.
  2. Assessment Tool. This interactive tool asks utilities to examine how they are using various technologies. Based on responses, the tool generates a customized, prioritized list of controls that are most applicable to the utility’s technology applications. Utilities can use this output to determine the implementation status of critical controls designed to mitigate cybersecurity vulnerabilities. AWWA website login is required for access.
  3. Small Systems Guidance. A getting-started guide to help small rural utilities improve their cybersecurity practices. For water utilities serving fewer than 10,000 people, and especially those serving fewer than 3,300 people.

About These Resources

AWWA’s Cybersecurity Guidance and Assessment Tool have been updated and revised to maintain alignment with the NIST Cybersecurity Framework (the key set of standards, methodologies, procedures, and processes designed to align policy, business, and technology solutions to cyber risks), and with Section 2013 of America’s Water Infrastructure Act of 2018 (AWIA).

Together, these resources constitute a voluntary approach for how a utility can implement applicable cyber controls from the NIST Cybersecurity Framework, and also fulfill the cybersecurity provision in AWIA §2013.

AWWA’s guidance and tools have been recognized by the U.S. EPA, Cybersecurity and Infrastructure Security Agency (CISA), NIST and several states for aiding water systems in evaluating cybersecurity risks.

Growing your utility’s cybersecurity maturity. This figure shows the levels of cybersecurity maturity (adapted from SANS), and how AWWA cybersecurity resources fit within this model.

AWWA-Cybersecurity-Maturity

Cybersecurity in the Water Sector Micro-learning

Water and wastewater systems have been targeted by cyber attacks across the United States. Utilities need to achieve cyber resilience to protect against growing threats and bad actors.

The micro-learning below provides a high-level summary of the current state of cyber security, what utilities should expect and details of our Awareness-Analysis-Act Framework. The course also provides a directory of cybersecurity resources available from AWWA. These resources include manuals, standards, helpful links, tools, and checklists, and longer eLearning courses.

Click on the white arrow below to get started.

   
Horsetooth Reservoir, Fort Collins, Colorado
POLICY

AWWA Policy Statements

AWWA’s policy statements are brief statements on protecting and improving water supply, water quality, management, and the interests of the public and the environment. They are written by consensus, subject to review and comment by AWWA committees, councils, and members. Because they represent AWWA’s position on these matters, they are approved by the AWWA Executive Committee of the board of directors.

Read more

Read less

TEC_20231023_192704206_iOS

Presentation to AWWA volunteers

TEC_2024

AWWA volunteers on office staircase

Get Involved

Technical Committee Engagement

AWWA members are recognized globally for their industry expertise and their generosity in sharing that expertise for a better world through better water. AWWA members participate in committee activities, developing conference programs, writing technical manuals, developing standards, creating educational content and contributing to AWWA publications. Committee members primarily interact through conference calls, emails, and face to face meetings at conferences and events.

Read more

Read less

The following committees are active in addressing issues about inorganic contaminants:

Inorganics Committee

Inorganic Contaminants Research Committee

Emerging Water Quality Issues Committee

Advertisement

Continue Your Journey

Membership-Volunteering@2x

Membership & Volunteering

Discover the resources and community to excel with AWWA membership.

Publications-Journals

Journals & Magazines

AWWA's journals and magazines are your trusted resource to stay current on water topics.

Resources

Resources Hub

Grow your water knowledge with technical reports and guides on a wide range of topics.