The Water Information Sharing and Analysis Center (WaterISAC) recently released two fact sheets on the top actions water/wastewater systems can take to strengthen physical and cybersecurity efforts.
Among the chief recommendations for boosting physical security, the fact sheet included the following items to prioritize.
- Conduct a Risk and Vulnerability Assessment
- Document Emergency Response Plans, Policies, and Procedures
- Exercise Emergency Response Plans and Other Security Contingencies
- Conduct Awareness Training of the Threats and Risk Facing the Sector
- Network with Neighboring Utilities and Local Law Enforcement
On the cybersecurity side, the fact sheet recommended evaluating the following areas:
- Plan for Incidents, Emergencies, and Disasters
- Minimize Control System Exposure
- Create a Cyber Secure Culture and Protect from Insider Risks
- Implement System Monitoring for Treat Detection and Alerting
- Account for Critical Assets
- Enforce Access Control
- Embrace Risk-Based Vulnerability Management
- Secure Your Supply Chain
The water sector has experienced an escalation in threats over recent years, from physical security breaches to cyber attacks from foreign adversaries, including ransomware attacks and infiltration of online utility programs.
The Water Information Sharing and Analysis Center provides water and wastewater systems with actionable threat intelligence and guidance on risk mitigation, best practices and emergency response related to security. As of 2025, more than 640 water and wastewater systems were members of WaterISAC.
Earlier in February, the U.S. Environmental Protection Agency (EPA) highlighting what it called “progress” in protecting water systems from cyberattacks in 2025. EPA’s Office of Water said it proactively identified cybersecurity vulnerabilities at 277 water systems and worked to fix the issues with individualized solutions ranging from authentication protocols to enforcing strict access controls along with other technical updates and restrictions.
EPA said those cyber weaknesses included critical system components, such as technologies that control drinking water and wastewater processes, that are attractive targets to potential threat actors. The agency said the work is critical to safeguarding U.S. public health and economic growth.
“Access to clean and safe water is foundational to healthy people and environmental protection, thriving businesses, domestic manufacturing, AI, and agricultural production. The threat of cyberattacks is a relatively new and growing concern that water systems must proactively address,” said EPA Assistant Administrator for Water Jess Kramer.
“EPA is doing everything within its authority to help water systems tackle cybersecurity threats, including directly eliminating 350 vulnerabilities in 2025. Many cybersecurity solutions are free or low-cost practices that can make a real difference. We are committed to working with our partners in federal, state and local governments to ensure that all water systems are cybersecure.”
Sources: WaterISAC, AMWA, NRWA, EPA
Leave a Reply