EPA Cybersecurity for the Water Sector

Implementing cybersecurity best practices is critical for water and wastewater utilities to reduce the risk of cybersecurity threats. The resources below can bring your utility one step closer to cybersecurity resilience.
EPA released a memorandum stressing the need for states to assess cybersecurity risk at drinking water systems to protect our public drinking water. The memorandum conveys EPA’s interpretation that states must include cybersecurity when they conduct periodic audits of water systems (called “sanitary surveys”) and highlights different approaches for states to fulfill this responsibility. Read the memo and guidance.
On this page:
- Report Cybersecurity Incidents
- Assessing Cybersecurity in Sanitary Surveys
- Technical Assistance
- Cybersecurity Training for the Water Sector
- Additional Cybersecurity Resources and Tools
- Funding Options
- Alerts – National Cybersecurity Awareness System
- Other US Government and Partner Cybersecurity Resources
- Cybersecurity Reports to Congress
Report Cybersecurity Incidents
Click the link below for information on reporting cybersecurity incidents and to report an active cybersecurity incident.
Assessing Cybersecurity in Sanitary Surveys
Interpretive Rule
- Addressing Public Water System Cybersecurity in Sanitary Surveys or an Alternate Process (pdf)
- Guidance on Evaluating Cybersecurity During Public Water System Sanitary Surveys (pdf)
- Fact Sheet: Increasing Cybersecurity Resilience at Public Water Systems (pdf)
- Fact Sheet: Addressing Cybersecurity Resilience with Sanitary Surveys (pdf)
Resources to Conduct Cybersecurity Assessments
Self-Assessment Resources
- EPA: Water Cybersecurity Assessment Tool and Risk Mitigation Plan Template (xlsx)
- EPA: Guidance on Evaluating Cybersecurity During Public Water System Sanitary Surveys (pdf) (Checklist in Appendix)
- CISA: Cyber Resilience Review
- CISA: Cross-Sector Cybersecurity Performance Goals
- CISA: Cybersecurity Evaluation Tool
- NIST: AXIO Cybersecurity Program Assessment Tool
- MS-ISAC: Risk Assessment Method
- MS-ISAC: Critical Security Controls
Third-Party Assessment Resources
Technical Assistance
EPA: Cybersecurity Technical Assistance Program for the Water Sector: The Cybersecurity Technical Assistance Program will support primacy agencies and water systems in implementing cybersecurity measures. Users may submit questions or request to consult with a subject matter expert regarding cybersecurity in PWS sanitary surveys or other cybersecurity matters.
EPA: Water Sector Cybersecurity Evaluation Program: EPA’s Cybersecurity Evaluation Program will conduct a cybersecurity assessment for PWSs. The assessment will follow the checklist in the guidance on Evaluating Cybersecurity in PWS Sanitary Surveys which will then generate a report that will highlight gaps in cybersecurity, including potential significant deficiencies.
Training
EPA is committed to providing training on cybersecurity topics to the Water Sector. Please see the upcoming schedule below.
Date | Title & Registration Link | Description |
---|---|---|
Thursday, September 21, 2023 |
Addressing Public Water System Cybersecurity in Sanitary Surveys Region 1 Training Registration link will be sent directly to the targeted audience. |
This hybrid workshop (in-person and virtual) is designed to help EPA Region 1 Primacy Agencies implement cybersecurity into their sanitary survey programs |
Thursday, June 8, 2023 |
Addressing Public Water System Cybersecurity in Sanitary Surveys Region 2 Training Registration link will be sent directly to the targeted audience. |
This hybrid workshop (in-person and virtual) is designed to help EPA Region 2 Primacy Agencies implement cybersecurity into their sanitary survey programs |
Wednesday, July 19, 2023 |
Addressing Public Water System Cybersecurity in Sanitary Surveys Region 4 Training Registration link will be sent directly to the targeted audience. |
This hybrid workshop (in-person and virtual) is designed to help EPA Region 4 Primacy Agencies implement cybersecurity into their sanitary survey programs |
Thursday, June 22, 2023 |
Addressing Public Water System Cybersecurity in Sanitary Surveys Region 5 Training Registration link will be sent directly to the targeted audience. |
This hybrid workshop (in-person and virtual) is designed to help EPA Region 5 Primacy Agencies implement cybersecurity into their sanitary survey programs |
Tuesday, July 11, 2023 |
Addressing Public Water System Cybersecurity in Sanitary Surveys Region 6 Training Registration link will be sent directly to the targeted audience. |
This hybrid workshop (in-person and virtual) is designed to help EPA Region 6 Primacy Agencies implement cybersecurity into their sanitary survey programs |
Tuesday, August 8, 2023 | Addressing Public Water System Cybersecurity in Sanitary Surveys Region 7 Training | This hybrid workshop (in-person and virtual) is designed to help EPA Region 7 Primacy Agencies implement cybersecurity into their sanitary survey programs |
Monday, October 2, 2023 |
Addressing Public Water System Cybersecurity in Sanitary Surveys Region 8 Training Registration link will be sent directly to the targeted audience. |
This hybrid workshop (in-person and virtual) is designed to help EPA Region 8 Primacy Agencies implement cybersecurity into their sanitary survey programs |
Wednesday, August 9, 2023 |
Addressing Public Water System Cybersecurity in Sanitary Surveys Region 10 Training Registration link will be sent directly to the targeted audience. |
This hybrid workshop (in-person and virtual) is designed to help EPA Region 10 Primacy Agencies implement cybersecurity into their sanitary survey programs |
TBD |
Addressing Public Water System Cybersecurity in Sanitary Surveys Registration link coming soon |
EPA will be hosting a free cybersecurity webinar for public water system personnel. You will gain vital information about the recently released memorandum Addressing Public Water System Cybersecurity in Sanitary Surveys or an Alternate Process. |
Cybersecurity 101 Training
Cybersecurity 101 Webinar: This webinar is an introduction to the basic principles of cybersecurity. The presentation slides can be downloaded here: Cybersecurity 101 Webinar Slides (pdf) .
Additional Cybersecurity Resources and Tools
Cybersecurity Incident Action Checklist (pdf) : Guidance for preparation, response, and recovery of a cybersecurity incident.
Develop and Conduct a Water Resilience Tabletop Exercise (TTX) with Water Utilities: Tool used to plan, conduct, and evaluate tabletop exercises for all-hazards scenarios, including cybersecurity incidents.
Funding Options
Clean Water State Revolving Fund (CWSRF) | US EPA: Provides assistance to any public, private, or nonprofit entity for measures to increase the security of publicly owned treatment works, including cybersecurity.
Drinking Water State Revolving Fund (DWSRF) | US EPA: Provides assistance with All-Hazard Risk and Resilience Assessment, Training, Equipment, and Infrastructure, including cybersecurity
CISA State and Local Cybersecurity Grant Program (SLCGP): Grant program for states, cities, counties and towns from state administrative agency. Sub-award applications for cities, counties and towns must be submitted to the respective state administrative agency. Find more information here on EPA's SLCGP Fact Sheet (pdf)
Alerts - National Cybersecurity Awareness System
CISA Alerts provide timely information about current security issues, vulnerabilities, and exploits. Find DHS CISA Alerts here.
Sign up to receive email alerts from CISA here.
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
Remote Monitoring and Management Software Alert
Other US Government and Partner Cybersecurity Resources
- CISA Services Catalog offers significant resources, guidance, and tools to assist critical infrastructure facilities, including water and wastewater systems, with cybersecurity.
- Presidential Policy Directive 41: Information on roles that government agencies will perform in the event of a cybersecurity incident.
- United States Department of Agriculture (USDA) Rural Development Circuit Rider Program
- Water Information Sharing and Analysis Center (WaterISAC)
- Multi-State ISAC