Securing Water and Wastewater Utilities

Access to clean water is critical to public health, the environment, and our nation’s economic prosperity. Water utilities supply clean water to communities and ecosystems across the country. Wastewater treatment facilities remove harmful or toxic impurities from wastewater, and then return clean water back to the environment. Together, facilities in the Water and Wastewater Systems (WWS) sector play an important role in our national critical infrastructure. It is important that these utilities are equipped with resources to help them address and reduce their cybersecurity risks.

Demonstrating how to mitigate and manage cybersecurity risks for the Water and Wastewater Systems Sector

The NCCoE is in the initial phase of a project that demonstrates practical solutions for water and wastewater utilities of all sizes. The reference design will use commercially available products and services to address four WWS cybersecurity challenges: asset management, data integrity, remote access, and network segmentation. The commercial products and services will be integrated into a demonstration of the reference design. The project also initiates a broad discussion with the WWS sector to identify commercial solution providers. This project will result in a publicly available NIST Cybersecurity Practice Guide which will include a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses these challenges.

Abstract

The Water and Wastewater Systems sector is undergoing a digital transformation, increasing its dependence on connectivity to systems that, for instance, monitor pumping stations, evaluate water quality, or analyze data to support more efficient operations and improve service. This increased reliance on an internet-connected ecosystem, however, increases the opportunity for malicious actors to introduce vulnerabilities into a water or wastewater utility’s systems and networks.

The NCCoE is working collaboratively with the Water and Wastewater Systems sector, technology providers, and across government to identify areas to help water and wastewater utilities mitigate and manage cyber risks. The NCCoE will demonstrate use of existing commercially available products to mitigate and manage these risks. The findings can be used as a starting point by utilities in mitigating cybersecurity risks for their specific production environment.

This project will result in a freely available NIST SP 1800 series Practice Guide.

Read the Project Description

Water is vital for sustaining life on Earth, and in today’s internet-connected society cybersecurity is vital to maintaining the quality and accessibility of our water resources.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name