Now is the time for water utilities and municipalities to get serious about their network security. Cyber attacks are the top threat to critical infrastructure in the United States. In an effort to secure our nation’s critical infrastructure, the United States government passed the Water Infrastructure Act of 2018. This act mandates every community water system serving 3,300+ people to assess their network for risk and prove the resilience of their system in protecting against cyber threats and the deadlines are approaching.
This assessment must cover:
One aspect of this requirement that many water districts struggle with is evaluating their SCADA control systems and operational technology (OT) networks, covered in item number 2 above. Because these systems can seem complex without specific expertise in how they work, this is an area in which water districts can often benefit from third-party support from an experienced system integrator.
We’ve got you covered. At Vertech, we have an extensive background and wealth of knowledge in industrial networks and SCADA control systems specific to municipalities and water districts, coupled with a team of highly trained and certified IT/OT professionals.
Our team of network engineers can satisfy the control and SCADA-related requirements of this act and ensure the security of your systems by assessing the current state of your control systems and network infrastructure. Specifically, we can provide documentation of your existing control and SCADA system assets and networks and provide actionable recommendations to improve your cyber-security posture to industry standards.
After the network assessment, the Water Infrastructure Act of 2018 requires that municipalities prepare and/or update their emergency response plan that incorporates the findings of the risk assessment. Emergency response plans should include:
Based on the initial assessment, the Vertech team can develop emergency response and disaster recovery plans specific to your SCADA control systems and OT networks as well as develop ongoing maintenance procedures to ensure continued compliance and keep your plant running smoothly from an operational and security standpoint.
The deadline for completing your risk assessment and emergency response plan depends on your municipality’s population size. Emergency response plans are due six months from the date of the risk assessment. Here is a chart to determine which deadlines apply to your organization:
*Emergency response plan certifications are due six months from the date of the risk assessment certification. The dates shown above are certification dates based on a utility submitting a risk assessment on the final due date. For more information on complying with this new law, please visit: https://www.awwa.org/Resources-Tools/Resources/Risk-Resilience
Learn more about assessing, managing, and protecting your industrial networks by downloading our white paper, 5 Practical Steps for Managing Critical Control Networks. To get started on your SCADA control system and network security assessment, contact us.