Jessica Lilly Published

Water And Wastewater Systems Should Take Action Against Cyber Attacks 


The National Rural Water Association is encouraging water and wastewater utilities of all sizes to tighten cyber security.

Both water and wastewater systems are considered National Critical Functions or a lifeline and therefore a necessity to all. A security breach could cause issues ranging from economic to public health.

The Cybersecurity and Infrastructure Security Agency (WaterISAC) is focused on the effect of large water system outages but the association warns that a cyber-attack at a smaller system can be just as damaging to the people and economy in those communities.

The agency lists 15 tips for water utilities to tighten cyber security.

WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities says these should be implemented by all, as long as they apply:

1. Perform Asset Inventories

2. Assess Risks

3. Minimize Control System Exposure

4. Enforce User Access Controls

5. Safeguard from Unauthorized Physical Access

6. Install Independent Cyber-Physical Safety Systems

7. Embrace Vulnerability Management

8. Create a Cybersecurity Culture

9. Develop and Enforce Cybersecurity Policies and Procedures

10. Implement Threat Detection and Monitoring

11. Plan for Incidents, Emergencies, and Disasters

12. Tackle Insider Threats

13. Secure the Supply Chain

14. Address All Smart Devices

15. Participate in Information Sharing and Collaboration Communities