Cybersecurity

Resources for public water systems to prepare for and prevent cyberattacks

• American Water Works Association (AWWA)
  • Water Sector Cybersecurity Risk Management Tool, to be used with America's Water Infrastructure Act (AWIA).
  • Answer 22 yes/no questions about your water system’s current cyber practices.
  • Based on your answers, the tool generates a list of recommended cybersecurity controls your utility should implement to protect your Process Control System against cyberattack.
  • Recommended controls are assigned to four levels of priority.
  • The tool generates an Excel spreadsheet that you can use to evaluate and track the implementation status of each recommended control.
• Cybersecurity and Infrastructure Security Agency (CISA)
  • Cyber Security Evaluation Tool (CSET)
  • CISA & National Security Agency (NSA) Alert on Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems (7/23/2020)
  • CISA Industrial Control Systems Advisories and Reports
• Environmental Protection Agency (EPA)
  • Incident Action Checklist for Cybersecurity
  • Water Sector Cybersecurity Sector Brief for States
  • EPA Cybersecurity Best Practices for the Water Sector
• Water Information Sharing & Analysis Center (WaterISAC)
  • 15 Cybersecurity Fundamentals
  • Become a WaterISAC member
• Wisconsin Water/Wastewater Agency Response Network (WIWARN)
  • Free membership
  • Become a WIWARN member

Report any cybersecurity incidents to the following contacts

• Local law enforcement
• FBI 24/7 CyberWatch at 855-292-3937 or CyWatch@fbi.gov
• Department of Homeland Security (DHS)/Cybersecurity and Infrastructure Security Agency (CISA) at 888-282-0870 or Central@cisa.dhs.gov, or through the DHS CISA Incident Reporting System
• It is also recommended that events be shared with WaterISAC at analyst@waterisac.org or 866-426-4722 (866-H2O-ISAC)