Cybersecurity Assessments for Utilities
Water and Wastewater utilities rely on interconnected systems to monitor and control critical infrastructure. This connectivity enhances efficiency but also introduces cybersecurity risks that could threaten public health and safety. A cybersecurity assessment within an asset management plan helps utilities identify vulnerabilities, safeguard operational technology and information technology systems, and mitigate the risk of cyberattacks. Without proper security measures, utilities may be exploited, leading to service disruptions, data breaches, or even physical damage to their infrastructure.
Incorporating cybersecurity assessments into asset management plans ensures a proactive approach to risk management, regulatory compliance, and system resilience. The Indiana Finance Authority’s (IFA) State Revolving Fund (SRF) Loan Program requires the completion of an annual cybersecurity assessment for all 2025 Fiscal Year closings (July 2024-June 2025). This means the Cybersecurity Assessment must be completed prior to signing the required Asset Management Plan Certification and must be completed annually moving forward.
Additionally, the Indiana Department of Environmental Management has begun to “strongly encourage” cyber security assessments as part of their water and wastewater inspections. They also provide several recommended tools for use in appropriate water sector systems.
The City of Rensselaer, Indiana has one of the first utilities in the nation to participate in a cybersecurity initiative. In a recent article published by the Rensselaer Republican, City Superintendent Bryce Black said that “the City of Rensselaer recognizes there is not one ‘silver bullet’ when it comes to cybersecurity…The evolving regulatory environment comes with more stringent security & risk management practices. We are confident that this program will provide us with the necessary best management practices against potential cyber threats” (Read full article).
Cybersecurity Assessments help utilities prioritize cybersecurity investments, implement best practices such as network segmentation and regular patching, and develop incident response plans to minimize downtime. By treating cybersecurity as a core component of asset management planning, utilities can protect their critical infrastructure from evolving threats and maintain the trust of the communities they serve.
The links below provide more information on the best ways to secure your water systems. For more information on Asset Management Planning and Cybersecurity Assessments, contact Brady Dryer.