
Cyber Security for the Water Sector
Like other critical infrastructure, the water sector can be a target of cyber security threats and hazards. Implementing cybersecurity best practices is critical for water and wastewater utilities (USEPA).
Tools
- AWWA Cybersecurity Assessment Tool – an interactive tool that generates a customized list of controls that are applicable to the utility’s technology applications. Login required.
- Water Sector Cybersecurity Risk Management Guidance – AWWA Cybersecurity Tool User Guidance
- Vulnerability Self Assessment Tool 2.0 – this online tool leads water and wastewater systems through a risk assessment and shows costs and benefits of additional countermeasures to reduce risks.
- Develop and Conduct a Water Resilience Tabletop Exercise with Water Utilities – this tool provides water and wastewater systems with the resources to plan, conduct and evaluate all-hazard scenarios including cybersecurity incidents.
Guides
- 15 Cybersecurity Fundamentals for Water and Wastewater Utilities – this guide contains best practices, grouped into 15 main categories, that water and wastewater systems can implement to reduce security risks to their IT and OT systems.
- Cybersecurity Incident Action Checklist – This guide provides steps for water and wastewater systems to prepare for, respond to and recover from a cybersecurity incident.
- Cybersecurity Risk and Responsibility Guide – this guide covers the scope and significance of cyber threats, operator responsibility to anticipate threats and address vulnerabilities, strategy to manage risks and prioritize solutions.
- National Cyber Threat Assessment 2020 – this document highlights the cyber threats facing individuals and organizations in Canada.
- Ransomware Playbook – publication from the Canadian Centre for Cyber Security to provide information on how to defend against ransomware and how to recover from ransomware.
- Water Sector Cybersecurity Risk Management Guidance – practical guidance from AWWA for protecting process control systems used by the water sector.
- Water Sector Cybersecurity: Risk Management Guidance for Small Systems – a guide for small utilities to help improve their cybersecurity practices.
Manuals
- M19: Emergency Planning for Water and Wastewater Utilities, 5th edition. All-hazards approach for principles, practices, and guidelines in water utility emergency planning. Covers plan development, mutual aid partnerships, communication strategies, staff preparedness, risk mitigation and more. Purchase required.
Standards
- ANSI/AWWA G430-14(R20): Security Practices for Operation and Management – covers the minimum requirements for a protective security program for a water, wastewater, or reuse utility. Purchase required.
- ANSI/AWWA G440-17: Emergency Preparedness Practices – covers minimum requirements to establish and maintain an acceptable level of emergency preparedness based on identified and perceived risks facing water utilities. Purchase required.
- ANSI/AWWA J100-21: Risk and Resilience Management of Water and Wastewater Systems – enables water and wastewater utility owners and operators to make sound decisions when allocating limited resources to reducing risk and improving resilience. Purchase required.
- ANSI/AWWA G300-14: Source Water Protection – critical requirements for the effective protection of source waters. Purchase required.
- NIST Cybersecurity Framework – key set of standards, methodologies, procedures, and processes designed to align policy, business, and technology solutions to cyber risks. Purchase required.
Articles
- Cyber Security for Water Utilities
- Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks
- Cyber Security of Water SCADA Systems—Part II: Attack Detection Using Enhanced Hydrodynamic Models
- Engineering Cyber–Physical Resilience
- It’s Time to Regulate Water and Wastewater Cybersecurity–Here’s How
- Security considerations for industrial control systems
Alerts
- Cyber threat bulletin: Cyber Centre reminds Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity
- Alert: Compromise of U.S. Water Treatment Facility
- Alert: Destructive Malware Targeting Organizations in Ukraine
- Alert: New Sandworm Malware Cyclops Blink Replaces VPNFilter
- Alert: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
- Alert: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
- Alert: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
- Water Sector Cybersecurity Brief for the States
- Cyclops Blink
- Cyclops Blink Malware Analysis Report: Modular Malware Framework Targeting SOHO Network Devices
- Shields Up Guidance for All Organizations
- Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
- Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
- UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests
Training
- Cybersecurity in the Water Sector – this course is designed to teach participants how to use the AWWA Water Sector Cybersecurity Risk Management Tool, to recognize gaps in a utility’s cybersecurity coverage and be able to take actionable steps to manage cybersecurity risks.
Case Studies
- Ontario town plans to pay ransom after computers locked down
- Wasaga Beach pays cyber criminals thousands to regain access to town servers: staff report
- Toronto Water SCADA System Security – Results of 2021 Follow-up of Previous Audit Recommendations
- Cyber attack on small Illinois water treatment plant has serious implications: security expert
- Hacker dangerously raises sodium hydroxide levels at Florida water plant
- Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.
Disponible en français.
Image from https://www.freepik.com/
Read More
Climate Change
This post provides information on climate change and its potential effects to drinking water systems. Information is provided to aid with contingency planning for possible future situations.
Visit our online library’s main webpage to find more resources on topics related to drinking water.
Abstracts & Articles
Climate Change Adaptation Capacity in Ontario Conservation Authorities: A Case Study Evaluation
Effects of Climate Change On Water Utilities
Great Lakes drinking water study links gastro bugs to heavy storms
Putting a Price on How Much Albertans Value the Reliability of their Drinking Water Supply
Report on the Operational and Economic Impacts of Hurricane Irene on Drinking Water Systems
Three Essays on the Economics of Innovation as Adaptation to Climate Change
Vulnerability of Quebec drinking-water treatment plants to cyanotoxins in a climate change context
Excel Spreadsheets
Canadian Water and Wastewater Association Climate Change Resource Databank
Fact Sheets
7 Steps to Effective Drought Contingency Planning
After the Hurricanes: Managing and Disinfecting a Flooded Well
Bushfires and the Risks to Drinking Water Quality
Cleaning and Disinfecting Water Cisterns After Floods and Heavy Rains
Disinfection of Bored or Dug Wells After an Emergency
Disinfection of Drilled or Driven Wells After an Emergency
Don’t Let a Summer Drought Catch You Off-Guard
Flood Resilience: A Basic Guide for Water and Wastewater Utilities
Incident Action Checklist – Drought
Incident Action Checklist – Flooding
Protecting Your Water System Against the Risks and Effects of Fire
Guides
Best Practices and Resources on Climate Resilient Natural Infrastructure
Canada’s Marine Coasts in a Changing Climate
Collaborative Decision-Making for Drought Management: Improving Multi-Actor Approaches
Confronting Climate Change: An Early Analysis of Water and Wastewater Adaptation Costs
Drought Planning for Small Community Water Systems
Drought Response and Recovery Guide for Water Utilities
Presentations
Climate Change and the Impact to the Community Long Term Water Supply
Fires, Floods, and Bugs: How Climate Change Impacts Drinking Water Source Quality
Hazard Mitigation For Natural Disasters: A Starter Guide for Water and Wastewater Utilities
Tools
Tools for Climate Change Vulnerability Assessments for Watersheds
Video and Audio
Changes in Water Use Under Regional Climate
Conserve Water, Act on Climate
Drought Webcast Series: Customer Communications During Drought
Drought Webcast Series: Financial Resiliency During Droughts
Drought Webcast Series: Turf Replacement Programs
Drought Webcast Series: Using Cost-Benefit Analyses to Compare Drought Management Practices
Fredericktown, Missouri: Water Utility Climate Adaptation Planning
Water Resource Planning Options for Climate Change
Water Utilities and Climate Change Research – Farmcast Radio Interview
Read More