Securing Water and Wastewater Utilities

Access to clean water is critical to public health, the environment, and our nation’s economic prosperity. Water utilities supply clean water to communities and ecosystems across the country. Wastewater treatment facilities remove harmful or toxic impurities from wastewater and then return clean water back to the environment. Together, facilities in the Water and Wastewater Systems (WWS) sector play an important role in our national critical infrastructure. It is important to help these utilities to mitigate their cybersecurity risks.

Demonstrating how to mitigate and manage cybersecurity risks for the Water and Wastewater Systems Sector

The NCCoE engaged the WWS sector to understand common cybersecurity challenges. Four technical areas were identified, including secure remote access, network segmentation, asset management, and data integrity. In this project, the NCCoE is developing a reference architecture and demonstrating secure remote access for water and wastewater utilities of all sizes. The finalized NIST Cybersecurity Practice Guide includes a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses these challenges.
Status: Finalized

Previously published as draft NIST Technical Note 2283, the NCCoE has finalized the guidelines based on community input and published NIST SP 1800-45, Cybersecurity for the Water and Wastewater Sector: Build Architecture (Operational Technology Remote Access)

NIST SP 1800-45, Cybersecurity for the Water and Wastewater Sector: Build Architecture (Operational Technology Remote Access)Web Version NIST SP 1800-45, Cybersecurity for the Water and Wastewater Sector: Build Architecture (Operational Technology Remote Access)

Abstract

The Water and Wastewater Systems sector is undergoing a digital transformation, increasing its dependence on connectivity to systems that, for instance, monitor pumping stations, evaluate water quality, or analyze data to support more efficient operations and improve service. This increased reliance on an internet-connected ecosystem, however, increases the opportunity for malicious actors to introduce vulnerabilities into a water or wastewater utility’s systems and networks. It is important that the water utilities are equipped with resources to help them address and mitigate their cybersecurity risks.

The NCCoE worked collaboratively with the Water and Wastewater Systems sector, technology providers, and across government to identify areas to help water and wastewater utilities mitigate and manage cyber risks. The NCCoE demonstrated the use of existing commercially available products to mitigate and manage these risks. The findings can be used as a starting point by utilities in mitigating cybersecurity risks for their specific production environment.

Read the Project Description

Water is vital for sustaining life on Earth, and in today’s internet-connected society cybersecurity is vital to maintaining the quality and accessibility of our water resources.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name