Cybersecurity

Resources for public water systems to prepare for and prevent cyberattacks

American Water Works Association (AWWA)
- Water Sector Cybersecurity Risk Management Tool, to be used with Water Sector Cybersecurity Risk Management Guidance
  - Free tool designed to help water systems of all sizes.
  - Meets the cybersecurity requirements of America's Water Infrastructure Act (AWIA).
  - Answer 22 yes/no questions about your water system’s current cyber practices.
  - Based on your answers, the tool generates a list of recommended cybersecurity controls your utility should implement to protect your Process Control System against cyberattack.
  - Recommended controls are assigned to four levels of priority.
  - The tool generates an Excel spreadsheet that you can use to evaluate and track the implementation status of each recommended control.

Cybersecurity and Infrastructure Security Agency (CISA)

Environmental Protection Agency (EPA)

Water Information Sharing & Analysis Center (WaterISAC)
- 15 Cybersecurity Fundamentals
- Become a WaterISAC member

Wisconsin Water/Wastewater Agency Response Network (WIWARN)
- Free membership
- Become a WIWARN member

Federal Bureau of Investigation (FBI), CISA, EPA and Multi-State Information Sharing & Analysis Center (MS-ISAC) joint statement related to the cyberattack at a Florida water utility in February 2021

Report any cybersecurity incidents to the following contacts

Local law enforcement
FBI 24/7 CyberWatch at 855-292-3937 or CyWatch@fbi.gov
Department of Homeland Security (DHS)/Cybersecurity and Infrastructure Security Agency (CISA) at 888-282-0870 or Central@cisa.dhs.gov, or through the DHS CISA Incident Reporting System
It is also recommended that events be shared with WaterISAC at analyst@waterisac.org or 866-426-4722 (866-H2O-ISAC)