U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Water and Wastewater Utilities

Access to clean water is critical to public health, the environment, and our nation’s economic prosperity. Water utilities supply clean water to communities and ecosystems across the country. Wastewater treatment facilities remove harmful or toxic impurities from wastewater, and then return clean water back to the environment. Together, facilities in the Water and Wastewater Systems (WWS) sector play an important role in our national critical infrastructure. It is important that these utilities are equipped with resources to help them address and reduce their cybersecurity risks.

Demonstrating how to mitigate and manage cybersecurity risks for the Water and Wastewater Systems Sector

The NCCoE is in the initial phase of a project that will result in a reference architecture designed specifically for the Water and Wastewater Systems sector. The project team is currently seeking the public’s input on a draft project description. We are seeking feedback from all stakeholders in the water and wastewater utilities sector. In our efforts to ensure our guidance can benefit the broadest audience, the NCCOE is especially interested in hearing from water utilities of all sizes-- small, medium and large. The next phase of the project will be to issue a Federal Register Notice to begin seeking technology collaborators for the project.
Status: Reviewing Comments

The public comment period for the draft project description has closed. Thank you to everyone who shared their feedback with us. We are currently reviewing the comments received. If you have questions, please email us at: water_nccoe@nist.gov

Project Description (Draft)Document Version Project Description (Draft)

The Water and Wastewater Systems sector is undergoing a digital transformation, increasing its dependence on connectivity to systems that, for instance, monitor pumping stations, evaluate water quality, or analyze data to support more efficient operations and improve service. This increased reliance on an internet-connected ecosystem, however, increases the opportunity for malicious actors to introduce vulnerabilities into a water or wastewater utility’s systems and networks.

The NCCoE is working collaboratively with the Water and Wastewater Systems sector, technology providers, and across government to identify areas to help water and wastewater utilities mitigate and manage cyber risks. The NCCoE will demonstrate use of existing commercially available products to mitigate and manage these risks. The findings can be used as a starting point by utilities in mitigating cybersecurity risks for their specific production environment.

This project will result in a freely available NIST SP 1800 series Practice Guide.

Water is vital for sustaining life on Earth, and in today’s internet-connected society cybersecurity is vital to maintaining the quality and accessibility of our water resources.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself