U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

White Paper (Draft)

[Project Description] Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector

Date Published: November 2, 2022
Comments Due: December 19, 2022
Email Comments to: water-nccoe@nist.gov

Author(s)

James McCarthy (NIST), Bob Stea (MITRE), Don Faatz (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) is seeking feedback from all stakeholders in the water and wastewater utilities sector. In our efforts to ensure our guidance can benefit the broadest audience, the NCCOE is especially interested in hearing from water utilities of all sizes: small, medium and large.

Many U.S. Water and Wastewater Systems (WWS) sector stakeholders are utilizing data-enabled capabilities to improve utility management, operations, and service delivery.   The increasing adoption of network-enabled technologies by the sector merits the development of best-practices, guidance, and solutions to ensure that the cybersecurity posture of facilities is safeguarded.

The NCCoE project will demonstrate solutions to protect the cybersecurity of infrastructure within the operating environments of WWS sector utilities that address common cybersecurity risks among water and wastewater systems utilities.  This project will address areas that have been identified by WWS stakeholders, including: asset management, data integrity, remote access, and network segmentation. 

The NCCoE will demonstrate use of existing commercially available products to mitigate and manage these risks.  The findings can be used as a starting point by utilities in mitigating cybersecurity risks for their specific production environment. This project will result in a freely available NIST Cybersecurity Practice Guide.

Get Engaged

You can continue to help shape and contribute to this and future projects by joining the NCCoE’s Water Sector Community of Interest. Visit our project page to join.

Abstract

Keywords

asset management; data integrity; network segmentation; remote access; SCADA; water and wastewater utility
Control Families

None selected

Documentation

Publication:
Draft Project Description

Supplemental Material:
Project homepage (web)

Document History:
11/02/22: White Paper (Draft)

Topics

Security and Privacy
asset management; risk management

Applications
industrial control systems