Information Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector

The Cyber Security Infrastructure and Assurance Agency (CISA) recently posted an updated alert on how water utilities can protect themselves from cyber attacks. The Alert – called Securing Water Systems – is based on a new fact sheet from both the Environmental Protection Agency (EPA) and the Federal Bureau of Investigation (FBI).

Changes in Cyber Security Requirements for Water Systems

Under the previous EPA ruling, cyber assessments were going to be part of regular Sanitary Surveys. Although the Biden Administration withdrew the new 2023 cyber requirements for PWS entities, cyber security is still a top concern. It is not clear how or if these new guidelines will be enforced, but the idea is that public water systems (PWS) need to be more proactive in the implementation of cyber controls.

Streamlining EPA Water Cyber Compliance

The ComplianceShield platform helps streamline the entire process for Water and Wastewater Systems (WWS) Sector utilities to address all of the new cyber requirements. Implied in these requirements is the development and maintenance of an Information Security Management System (ISMS) that enables organizations to create, document and address key Cyber Security Controls. Table 1 illustrates how the various cyber requirements map to key Information Shield features.

Table 1: Water Utility Cyber Requirement Summary

| EPA Cyber Security Requirement | Information Shield Solution |
| --- | --- |
| Conduct Regular Cybersecurity Assessments | Risk Assessment Wizard with built-in asset and threat libraries. Supporting Risk Assessment policies and procedures. |
| Create an IT Asset Inventory | IT Asset Wizard to build and maintain an IT Asset Inventory. Supporting Asset Management Policy library. |
| Change Default Passwords Immediately | Template security policies for Access Control and Password management. |
| Develop and Exercise Cybersecurity Incident Response and Recovery Plans | Built-in Incident Management functions, supported by Incident Response Policies and Procedures. |
| Backup OT/IT Systems | Full library of backup and recovery policies, including development of Disaster Recovery Plans. |
| Reduce Exposure to Vulnerabilities | Vulnerability Management policies and procedures, including tracking of action items. |
| Conduct Cybersecurity Awareness Training | Built-in Security Awareness and Training Library with automation to allow employees to take and record training. |
| Reduce Exposure to the Public-Facing Internet | Built-in Network Security Management policy and matching controls for network security, including DDoS protection. |

Key Cyber Requirements from the EPA and FBI

Developing and Maintaining Cyber Security Policies

In addition to these key functions, ComplianceShield contains a complete security policy template library covering all key areas of cyber security for water utilities. Customers can explore the platform risk-free with a 14-day trial.