NIST Guidelines for Secure Remote Access in Water and Wastewater Systems

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the final version of NIST Special Publication 1800-45, Cybersecurity for the Water and Wastewater Sector: Build Architecture, demonstrating how to securely enable remote access to operational technology for critical infrastructure.

Background

The Water and Wastewater Systems sector plays an integral role in our national critical infrastructure, supplying clean water to our communities and removing harmful materials from wastewater.

As the Water and Wastewater Systems sector continues its digital transformation, many organizations are adopting automation to improve utility management, operations, and service delivery. The adoption of internet-connected sensors, data collection, network devices, and analytic software increases cybersecurity risks and vulnerabilities.

Through collaboration with water utilities, technology vendors, and industry experts, the NCCoE’s Cybersecurity for the Water and Wastewater Sector project built and demonstrated secure remote access architectures and sample implementations in a lab environment using commercially available technologies. The resulting guidelines demonstrate how organizations of different sizes and resource levels can deploy practical remote access approaches based on their operational needs.

Previously published as draft NIST Technical Note 2283, the publication has been revised as an NCCoE practice guide and updated to reflect feedback from the community. Visit the NCCoE project page to download the publication and view the reference architectures and implementation details!