Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Project Description (Initial Public Draft)

Securing Water and Wastewater Utilities: Cybersecurity for the Water and Wastewater Systems Sector

Date Published: November 2, 2022
Comments Due: December 19, 2022 (public comment period is CLOSED)
Email Questions to: water_nccoe@nist.gov

Author(s)

James McCarthy (NIST), Bob Stea (MITRE), Don Faatz (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) is seeking feedback from all stakeholders in the water and wastewater utilities sector. In our efforts to ensure our guidance can benefit the broadest audience, the NCCOE is especially interested in hearing from water utilities of all sizes: small, medium and large.

Many U.S. Water and Wastewater Systems (WWS) sector stakeholders are utilizing data-enabled capabilities to improve utility management, operations, and service delivery.   The increasing adoption of network-enabled technologies by the sector merits the development of best-practices, guidance, and solutions to ensure that the cybersecurity posture of facilities is safeguarded.

The NCCoE project will demonstrate solutions to protect the cybersecurity of infrastructure within the operating environments of WWS sector utilities that address common cybersecurity risks among water and wastewater systems utilities.  This project will address areas that have been identified by WWS stakeholders, including: asset management, data integrity, remote access, and network segmentation. 

The NCCoE will demonstrate use of existing commercially available products to mitigate and manage these risks.  The findings can be used as a starting point by utilities in mitigating cybersecurity risks for their specific production environment. This project will result in a freely available NIST Cybersecurity Practice Guide.

Get Engaged

You can continue to help shape and contribute to this and future projects by joining the NCCoE’s Water Sector Community of Interest. Visit our project page to join.

Abstract

Keywords

asset management; data integrity; network segmentation; remote access; SCADA; water and wastewater utility
Control Families

None selected

Documentation

Publication:
Draft Project Description (pdf)

Supplemental Material:
Project homepage

Document History:
11/02/22: Project Description (Draft)
06/20/23: Project Description (Final)

Topics

Security and Privacy

asset management, risk management

Applications

industrial control systems