A new collaborative effort, developed by several federal agencies, will focus on a coordinated and modernized approach to protect the water and wastewater sectors’ cybersecurity resilience.

The Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan concentrates on high-impact activities that can be surged within 100 days to protect water resources by improving cybersecurity across the water sector.


Created by the U.S. Environmental Protection Agency (EPA), the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC), the effort is part of President Biden’s Industrial Control Systems (ICS) Initiative, established according to National Security Memorandum 5, Improving Cybersecurity for Critical Infrastructure Control Systems. The federal government and critical infrastructure community will help facilitate the deployment of technologies that provide cyber-related threat visibility, indicators, detections and warnings.


The plan is focused on many critical ‘high-impact activities,” significantly improving the ability to detect incidents and share information between entities, explains Jasmine Henry, Field Security Director at JupiterOne. “Improved detection is key to protecting human safety and averting attacks like the incident in Oldsmar, Florida, in 2021. Collaboration between legislators and industry is so crucial to create an impact on water and wastewater safety.”


In addition, the plan will concentrate on promoting and supporting the water sector’s adoption of procedures for the early detection of cyber threats and allow for the rapid sharing of cyber-threat data across the government to expedite analysis and action. Components of the plan include:


  • Establishing a task force of water sector leaders.
  • Implementing pilot projects to demonstrate and accelerate the adoption of incident monitoring.
  • Improving information sharing and data analysis.
  • Providing technical support to water systems.


The plan is a positive step toward securing a piece of the nation’s critical infrastructure and is in line with President Biden’s executive order on improving the nation’s cybersecurity, says Matt Klein, Field CISO at Coalfire. “There will be challenges given the distributed nature of our nation’s water systems, but with continued and increased levels of collaboration across government and private sector partners, improvements with the resiliency can be made. One hundred days is a relatively short amount of time; however, very clear tactical and strategic approaches to safeguarding water resources can be developed and communicated in this timeframe.”