risk management Tag

Cyber Security for the Water Sector

Like other critical infrastructure, the water sector can be a target of cyber security threats and hazards. Implementing cybersecurity best practices is critical for water and wastewater utilities (USEPA).

---

Tools

• AWWA Cybersecurity Assessment Tool – an interactive tool that generates a customized list of controls that are applicable to the utility’s technology applications. Login required.
• Water Sector Cybersecurity Risk Management Guidance – AWWA Cybersecurity Tool User Guidance
• Vulnerability Self Assessment Tool 2.0 – this online tool leads water and wastewater systems through a risk assessment and shows costs and benefits of additional countermeasures to reduce risks.
• Develop and Conduct a Water Resilience Tabletop Exercise with Water Utilities – this tool provides water and wastewater systems with the resources to plan, conduct and evaluate all-hazard scenarios including cybersecurity incidents.

---

Guides

• 15 Cybersecurity Fundamentals for Water and Wastewater Utilities – this guide contains best practices, grouped into 15 main categories, that water and wastewater systems can implement to reduce security risks to their IT and OT systems.
• Cybersecurity Incident Action Checklist – This guide provides steps for water and wastewater systems to prepare for, respond to and recover from a cybersecurity incident.
• Cybersecurity Risk and Responsibility Guide – this guide covers the scope and significance of cyber threats, operator responsibility to anticipate threats and address vulnerabilities, strategy to manage risks and prioritize solutions.
• National Cyber Threat Assessment 2020 – this document highlights the cyber threats facing individuals and organizations in Canada.
• Ransomware Playbook – publication from the Canadian Centre for Cyber Security to provide information on how to defend against ransomware and how to recover from ransomware.
• Water Sector Cybersecurity Risk Management Guidance – practical guidance from AWWA for protecting process control systems used by the water sector.
• Water Sector Cybersecurity: Risk Management Guidance for Small Systems – a guide for small utilities to help improve their cybersecurity practices.

---

Manuals

• M19: Emergency Planning for Water and Wastewater Utilities, 5th edition. All-hazards approach for principles, practices, and guidelines in water utility emergency planning. Covers plan development, mutual aid partnerships, communication strategies, staff preparedness, risk mitigation and more. Purchase required.

---

Standards

• ANSI/AWWA G430-14(R20): Security Practices for Operation and Management – covers the minimum requirements for a protective security program for a water, wastewater, or reuse utility. Purchase required.
• ANSI/AWWA G440-17: Emergency Preparedness Practices – covers minimum requirements to establish and maintain an acceptable level of emergency preparedness based on identified and perceived risks facing water utilities. Purchase required.
• ANSI/AWWA J100-21: Risk and Resilience Management of Water and Wastewater Systems – enables water and wastewater utility owners and operators to make sound decisions when allocating limited resources to reducing risk and improving resilience. Purchase required.
• ANSI/AWWA G300-14: Source Water Protection – critical requirements for the effective protection of source waters. Purchase required.
• NIST Cybersecurity Framework – key set of standards, methodologies, procedures, and processes designed to align policy, business, and technology solutions to cyber risks. Purchase required.

---

Articles

• Cyber Security for Water Utilities
• Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks
• Cyber Security of Water SCADA Systems—Part II: Attack Detection Using Enhanced Hydrodynamic Models
• Engineering Cyber–Physical Resilience
• It’s Time to Regulate Water and Wastewater Cybersecurity–Here’s How
• Security considerations for industrial control systems

---

Alerts

• Cyber threat bulletin: Cyber Centre reminds Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity
• Alert: Compromise of U.S. Water Treatment Facility
• Alert: Destructive Malware Targeting Organizations in Ukraine
• Alert: New Sandworm Malware Cyclops Blink Replaces VPNFilter
• Alert: Ongoing Cyber Threats to U.S. Water and Wastewater Systems
• Alert: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
• Alert: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
• Water Sector Cybersecurity Brief for the States
• Cyclops Blink
• Cyclops Blink Malware Analysis Report: Modular Malware Framework Targeting SOHO Network Devices
• Shields Up Guidance for All Organizations
• Threat Brief: Ongoing Russia and Ukraine Cyber Conflict
• Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
• UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests

---

Training

• Cybersecurity in the Water Sector – this course is designed to teach participants how to use the AWWA Water Sector Cybersecurity Risk Management Tool, to recognize gaps in a utility’s cybersecurity coverage and be able to take actionable steps to manage cybersecurity risks.

---

Case Studies

• Ontario town plans to pay ransom after computers locked down
• Wasaga Beach pays cyber criminals thousands to regain access to town servers: staff report
• Toronto Water SCADA System Security – Results of 2021 Follow-up of Previous Audit Recommendations
• Cyber attack on small Illinois water treatment plant has serious implications: security expert
• Hacker dangerously raises sodium hydroxide levels at Florida water plant
• Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.

---

Disponible en français.

Image from https://www.freepik.com/

Read More

Climate Change

This post provides information on climate change and its potential effects to drinking water systems. Information is provided to aid with contingency planning for possible future situations.

Visit our online library’s main webpage to find more resources on topics related to drinking water.

---

Abstracts & Articles

Assessing the Resilience of Ontario’s Low Water Response Plan under a Changed Climate Scenario: An Ontario Case Study

Climate Change Adaptation Capacity in Ontario Conservation Authorities: A Case Study Evaluation

Effects of Climate Change On Water Utilities

Examining drinking water security and governance for rural coastal Nova Scotia within the context of climate change

Great Lakes drinking water study links gastro bugs to heavy storms

Impacts of Climate Change and Controlled Tile Drainage on Water Quality and Quantity in Southern Ontario, Canada

Modelling the Effects of Climate Change on the Surface and Subsurface Hydrology of the Grand River Watershed

Putting a Price on How Much Albertans Value the Reliability of their Drinking Water Supply

Report on the Operational and Economic Impacts of Hurricane Irene on Drinking Water Systems

Three Essays on the Economics of Innovation as Adaptation to Climate Change

Toxicity and bioaccumulation of sediment-associated metals and elements from wildfire impacted streams of southern Alberta on Hyalella azteca

Vulnerability of Quebec drinking-water treatment plants to cyanotoxins in a climate change context

---

Excel Spreadsheets

Canadian Water and Wastewater Association Climate Change Resource Databank

---

Fact Sheets

7 Steps to Effective Drought Contingency Planning

After the Hurricanes: Managing and Disinfecting a Flooded Well

Bushfires and the Risks to Drinking Water Quality

Cleaning and Disinfecting Water Cisterns After Floods and Heavy Rains

Climate Change

Disinfection of Bored or Dug Wells After an Emergency

Disinfection of Drilled or Driven Wells After an Emergency

Don’t Let a Summer Drought Catch You Off-Guard

Flood Resilience: A Basic Guide for Water and Wastewater Utilities

Flood Resilience Checklist

Incident Action Checklist – Drought

Incident Action Checklist – Flooding

Managing a Flooded Well

Protecting Your Water System Against the Risks and Effects of Fire

What to Do After the Flood

Wildfires and Wells

---

Guides

Best Practices and Resources on Climate Resilient Natural Infrastructure

Canada’s Marine Coasts in a Changing Climate

Climate-Resilient Water Safety Plans: Managing Health Risks Associated with Climate Variability and Change

Collaborative Decision-Making for Drought Management: Improving Multi-Actor Approaches

Confronting Climate Change: An Early Analysis of Water and Wastewater Adaptation Costs

Drought Planning for Small Community Water Systems

Drought Response and Recovery Guide for Water Utilities

---

Presentations

Climate Change and the Impact to the Community Long Term Water Supply

Fires, Floods, and Bugs: How Climate Change Impacts Drinking Water Source Quality

Hazard Mitigation For Natural Disasters: A Starter Guide for Water and Wastewater Utilities

---

Tools

A Web-Based Intensity-Duration-Frequency Tool to Update and Adapt Local Extreme Rainfall Statistics to Climate Change

Tools for Climate Change Vulnerability Assessments for Watersheds

---

Video and Audio

Act on Climate Today

Changes in Water Use Under Regional Climate

Climate Change

Climate Change Basics

Conserve Water, Act on Climate

Drought Webcast Series: Customer Communications During Drought

Drought Webcast Series: Financial Resiliency During Droughts

Drought Webcast Series: Turf Replacement Programs

Drought Webcast Series: Using Cost-Benefit Analyses to Compare Drought Management Practices

Flooding and Droughts Webinar

Flood Resilience Guide

Fredericktown, Missouri: Water Utility Climate Adaptation Planning

Water Resource Planning Options for Climate Change

Water Utilities and Climate Change Research – Farmcast Radio Interview

---

 

Read More