Cybersecurity Incident Response Guide for Water and Wastewater Systems

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.S. Environmental Protection Agency (USEPA) collaborated on the new Incident Response Guide: Water and Wastewater Sector. The guide provides best practices for cyber incident response, including the four stages of the incident response lifecycle:  

  1. Preparation: Water and wastewater sector entities should have an incident response plan in place, implement available services and resources to raise their cyber baseline, and engage with the water and wastewater sector cyber community.  
  2. Detection and analysis: Accurate and timely reporting and rapid collective analysis are essential to understand the full scope and impact of a cyber incident. The guidance provides information on validating an incident, reporting levels, and available technical analysis and support.   
  3. Containment, eradication, and recovery: While the water or wastewater utility is conducting its incident response plan, Federal partners focus on coordinated messaging and information sharing, and remediation and mitigation assistance.  
  4. Post-incident activities. Evidence retention, using collected incident data, and lessons learned are the overarching elements for a proper analysis of both the incident and how responders handled it.  

CISA, the FBI, and USEPA say technical expertise is not required to understand and use the guide. In addition, the guide can be found in a toolkit created by CISA and USEPA for water and wastewater systems at every level of cybersecurity planning. It brings key online resources to one webpage to help build cybersecurity foundations for systems and progress to implement more advanced, complex tools to stay ahead of cyber threats. The toolkit currently includes the following resources:

  • Free Cyber Vulnerability Scanning for Utilities
  • Water Resilience Cybersecurity Help Desk
  • Free Cybersecurity Assessment Service
  • Cross-Sector Cybersecurity Performance Goals
  • Cybersecurity for the Water Sector
  • Incident Response Guide: Water & Wastewater Sector

CISA and USEPA intend to update the toolkit periodically to include new resources and respond to the evolving needs of the sector.