17414_Authority_April_2024

municipalauthorities.org | 41 Page 1 of 2 EPA’s Cybersecurity Resources for Drinking Water and Wastewater Systems Improving cybersecurity across the water sector remains one of EPA’s highest priorities. EPA continues to underscore that adopting cybersecurity best practices at drinking water and wastewater utilities is essential to protect communities from the increasing number and severity of cyber-threats facing our nation’s water systems. The Agency will continue to explore opportunities to lower cybersecurity risk for public water systems. EPA will continue to support states, technical assistance providers, drinking water and wastewater systems by providing ongoing technical assistance in the form of cybersecurity assessments, subject-matter expert consultations, training, and funding. Cybersecurity Assessments EPA conducts cybersecurity assessments for utilities through the Cybersecurity Evaluation Program where utilities work with a cybersecurity professional virtually to complete an assessment using the WCAT, described below. Following the assessment, utilities will receive their comprehensive Assessment Report and Risk Mitigation Plan Template so they can begin addressing their cybersecurity gaps and track their progress as they make improvements to their cybersecurity program. EPA’s Water Cybersecurity Assessment Tool (WCAT) helps water systems self-assess their cybersecurity practices. State Primacy Agencies and Technical Assistance Providers can also use this tool when conducting a cybersecurity assessment at water systems. The tool utilizes EPA’s Cybersecurity Checklis t , which contains the basic cybersecurity controls needed to build a strong cybersecurity program. Cybersecurity Technical Assistance EPA offers direct technical assistance through the Cybersecurity Technical Assistance Program for the Water Sector . Primacy agencies, technical assistance providers, and utilities can submit cybersecurity questions and receive one-on-one remote assistance (phone or email) from a cybersecurity subject-matter expert. EPA strives to respond to each request for technical assistance within two business days. Using EPA’s Cybersecurity Checklist Fact Sheets, for each of the 33 questions on the WCAT, utilities can learn additional details on each cybersecurity control including why it’s important, recommendations, implementation tips (corrective actions), and additional resources utilities can access to assist in implementing each control. Cybersecurity Training EPA offers cybersecurity training and tabletop exercises free to the water sector. For example, EPA’s Cybersecurity 101 Webinar introduces the basic principles of cybersecurity to Water Sector members. EPA has also conducted trainings on how to use the WCAT to conduct cybersecurity assessments at water and wastewater utilities for technical assistance providers and water systems. EPA also hosts webinars covering cybersecurity concepts and highlighting EPA’s cybersecurity assessment resources for water systems supporting Defense drinking water and wastewater facilities. Working in coordination with states, State-Level Rural Water Sections and Water/Wastewater Agency Response Networks (WARNS), EPA hosts tabletop exercises featuring scenarios that allow staff to assess their cyber response practices, identify ways to improve their cybersecurity posture, and engage with cybersecurity subject- matter experts. FACT SHEET