AWWA – American Water Works Association
Cybersecurity is a mission-critical function for safeguarding water utility/system infrastructure.
The American Water Works Association (AWWA) provides cybersecurity guidance to help water utilities/systems and related services ascribe to best practices, understand policies, and comply with federal cybersecurity mandates and requirements.
Federal mandates require water utility systems serving populations of 3,300 or more to have a plan to handle cybersecurity threats via a risk assessment and emergency plan. AWWA has curated critical planning resources to assist with water utilities’ compliance with this mandate, help them clarify their exposure to cyber risks, and implement an effective and proactive cybersecurity strategy. These include:
- The Water Sector Cybersecurity Risk Management Guidance, which offers step-by-step information on how to protect process control systems that the water sector uses to defend against cyberattacks. Utilities that follow this guidance especially benefit from the recommendations the assessment tool (next bullet) provides.
- An interactive self-assessment tool that utilities can follow to determine if they are properly implementing critical controls. The tool uses the utility’s response to create a customized, prioritized list of controls most applicable to the utility’s technology to help resolve/mitigate any cybersecurity vulnerabilities.
- A small systems guide specifically designed to help small rural utilities serving less than 10,000 customers improve their cybersecurity practices.
AWWA aligned these resources with the cyber controls detailed in the NIST Cybersecurity Framework and with the America’s Water Infrastructure Act (AWIA) of 2018 (specifically Section 2013). The Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency, and NIST have recognized the value these resources provide in helping water systems evaluate their cybersecurity risks and improve their cyber resilience.
Speak With a CISO Global Security Specialist Today
Our experts maintain the most respected credentials in
the industry across cybersecurity, risk and compliance,
forensics, incident response, ethical hacking, security engineering, and more.