Water and Wastewater Systems Sector Cybersecurity
Helping water and wastewater entities build resilience to cyber threats and hazards by providing information and resources that water and wastewater utilities can leverage to enhance their cybersecurity posture.
On this page:
- About the Program
- Types of Assistance
- How This Program Helps Build Resilience
- Connections to Other EPA, Federal, or Non-Governmental Efforts
About the Program
Presidential Policy Directive 21, Critical Infrastructure Security and Resilience, designates the EPA as the Sector-Specific Agency charged with ensuring that the water sector is prepared for any hazard, including cyber risks. Climate change can augment some of the risks associated with cybersecurity vulnerabilities, such as natural disaster incidents.
Types of Assistance
The EPA’s Water and Wastewater Systems Sector Cybersecurity Program offers state, local, private, Tribal, and territorial industry partners technical and outreach and education assistance that can also help build climate resilience.
Technical Assistance
- The Water Sector Cybersecurity Technical Assistance Provider Program trains state and regional water sector technical assistance providers to 1) assess cybersecurity practices at water and wastewater systems and 2) guide systems through developing a cybersecurity action plan to reduce risks and enhance resilience. The program includes follow-up assistance opportunities after the original assessment. For more information, please contact safewater@epa.gov.
- Water Sector Cybersecurity Brief for States is a guide to assist state technical assistance providers with assessing cybersecurity practices at water and wastewater systems and developing an improvement plan to reduce cyber risks.
- Cybersecurity Incident Action Checklist is a simple “rip and run” checklist that provides steps for water and wastewater systems to prepare for, respond to, and recover from a cybersecurity incident.
- VSAT Web 2.0 is an online tool that leads water and wastewater systems through an all-hazards risk assessment, including risks from cybersecurity incidents and the assessment of costs and benefits of additional countermeasures to reduce risks. This tool includes the capability to analyze cyber threat scenarios.
- Cybersecurity Tabletop Exercise with Water Utilities provides water and wastewater systems with the resources to plan, conduct and evaluate tabletop exercises for all-hazards scenarios, including cybersecurity incidents.
Outreach and Education Assistance
- The Water Sector Cybersecurity Training and Response Exercises program offers courses both online and at locations across the country that address water sector cybersecurity threats, vulnerabilities, consequences, best practices, resources, and program development. The courses also include guided response exercises for water sector cybersecurity incidents. For more information, please contact safewater@epa.gov.
How This Program Helps Build Resilience
This program can help water and wastewater entities build resilience to cyber threats and hazards that natural disaster incidents can compound by providing information and resources that water and wastewater utilities can leverage to enhance their cybersecurity posture.
The cybersecurity program has completed several projects and provided programmatic support for pre- and post-natural-disaster activities, including:
- Training thousands of water and wastewater utilities nationwide on cybersecurity threats, vulnerabilities, consequences, incident response, and program development.
- Developing targeted guidance, tools, and materials for specific segments of the water sector to fill gaps in existing industry standards, best practices, and guidance.
- Conducting incident management responsibilities consistent with statutory authority and other appropriate policies, directives, or regulations.
- Providing, supporting, or facilitating technical assistance and consultations for water and wastewater utilities to identify vulnerabilities and help mitigate incidents.
Connections to Other EPA, Federal, or Non-Governmental Efforts
The EPA fulfills its critical mission in water sector cybersecurity in coordination with the Department of Homeland Security; the Water Sector Coordinating Council; and other federal, state, local, Tribal and territorial, and private sector partners by helping water and wastewater utilities prepare for, respond to, and recover from cyber-attacks.
As a member of the Water Sector Coordinating Council (a policy, strategy, and coordination mechanism for the U.S. water and wastewater systems sector), the EPA works with the following organizations on critical infrastructure security and resilience issues:
- American Water Works Association
- Association of Metropolitan Water Agencies
- National Association of Clean Water Agencies
- National Association of Water Companies
- National Rural Water Association
- Water Environment Federation
- WaterISAC
- Water Research Foundation
This program also works in partnership with the National Security Council, including regular participation in the Cyber Response Group and other interagency work groups, to address cybersecurity policy issues and cyber incidents.