EPA Cybersecurity for the Water Sector

Cyber-attacks against public water systems are increasing. Implementing basic cyber hygiene practices can help your utility prevent, detect, respond, and recover from cyber incidents. Learn more about EPA’s Cybersecurity Resources for Drinking Water and Wastewater Systems. 

EPA & CISA Release Information to Help Water Systems Reduce Cybersecurity Vulnerability

The Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing information about a common cybersecurity vulnerability at water and wastewater systems using unsecured Human Machine Interface (HMI) devices. In the absence of cybersecurity measures, unauthorized remote users could exploit Human Machine Interfaces to view and adjust real-time system settings. These unauthorized adjustments can potentially disrupt the facility’s water and/or wastewater treatment process. EPA and CISA's fact sheet provides water and wastewater utilities with recommendations for cybersecurity measures that will limit the vulnerability of Human Machine Interfaces and secure them against malicious cyber activity.

cybersecurity

Cybersecurity Assessments 

Learn about cybersecurity assessment resources available for drinking water and wastewater systems.

Request Cybersecurity Technical Assistance 

Request Cybersecurity Evaluation 

On this page:

  • Cybersecurity Guidance for Drinking Water and Wastewater
  • Cybersecurity Risk Self-Assessment Resources
  • Cybersecurity Risk Third-Party Assessment Resources
  • Cybersecurity Vulnerability Assessment Resources
  • Addressing Cybersecurity in your America’s Water Infrastructure Act Risk and Resilience Assessment
  • Technical Assistance
cybersecurity conference room

Cybersecurity Planning

Build your cyber response plan, learn how to build your cyber program from other water systems and find out about resources from other Federal agencies.

On this page:

  • Addressing Cybersecurity in your America’s Water Infrastructure Act Emergency Response Plan
  • Top 8 Cyber Actions for Securing Water Systems
  • Cybersecurity Incident Action Checklist
  • Water and Wastewater Sector Incident Response Guide
  • Water Sector Cybersecurity Program Case Studies
  • Cybersecurity Insurance Considerations
  • Other US Government and Partner Cybersecurity Resources
cybersecurity training

Cybersecurity Exercises and Technical Assistance Courses

Learn about cybersecurity basics for water systems, how to conduct a cyber risk assessment, find out about upcoming cybersecurity exercises and technical assistance for drinking water and wastewater systems, and request cybersecurity exercises.

On this page:

  • Request Cybersecurity Exercises
  • Upcoming Cybersecurity Exercises and Technical Assistance Courses
  • Recorded Cybersecurity Technical Assistance Courses
  • EPA Tabletop Exercise Tool Cybersecurity Scenario
High Tech Data Center

Cybersecurity Response 

Learn about responding to a cyber incident and gain knowledge on current active threats.

On this page:

  • Report a Cybersecurity Incident 
  • EPA Webinar on Unitronics PLCs Hacked at US Water and Wastewater Systems
  • Cybersecurity Alerts
funding for cybersecurity

Cybersecurity Funding 

Learn about funding options available to support increasing cyber resilience.

On this page:

  • Clean Water State Revolving Fund
  • Drinking Water State Revolving Fund
  • CISA State and Local Cybersecurity Grant Program
EPA and FBI Cybersecurity Logo

Is Your Utility Cyber Aware?

The Federal Bureau of Investigation (FBI) and U.S. Environmental Protection Agency (EPA) are partnering on a joint venture to increase cyber awareness in the water sector. View FBI and EPA's resources related to cybersecurity in the water sector.

Contact Us about Water Resilience to ask a question, provide feedback, or report a problem.
Last updated on March 11, 2025