Prevailing cybersecurity threats on the U.S. water sector

The US government recently provided guidance to enhance cyber resilience in the water and wastewater systems (WWS) sector. This article offers some insight into how to assess your cybersecurity status and improve operations and incident response.

US water utilities have fallen victim to cyber-attacks. The Aliquippa Water Authority suffered an attack last November by an Iranian-backed group.[1] It's not difficult to imagine the grave harm to Americans if a water facility's security is compromised: contamination or supply shortages come to mind.

After the Aliquippa report, the US confirmed attacks on other water utilities,[2] with threat actors acting mostly out of political motives.

The Environmental Protection Agency (EPA) is responsible for overseeing all 52,000 drinking-water and 16,000 wastewater systems across the United States. CISA, jointly with the FBI and the EPA, recently published an incident response guide for the water and wastewater systems (WWS) sector.[3] It provides guidance across the four stages of the incident response lifecycle: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activities.

The guidance provides great recommendations and lists the federal resources available. But implementing these efforts requires time and money. While constrained budgets may hinder progress, there are cost-effective options to help those in the WWS sector meet these standards and improve their cyber defense.

Analyze your cybersecurity situation with these 5 questions

  1. What is your biggest security concern as it relates to your environment?
  2. When was your last security assessment, and what did it include?
    • A strong, updated security assessment should be performed annually and include the following aspects:
      • Policy Review
      • Network Penetration Testing
      • Asset Review and Classification
      • Access Control
      • Incident Response
  3. Do you have a current incident response (IR) plan?
    • Typically, IR plans are updated every 18 to 24 months and, with the ever-changing cyber threat landscape, should be reviewed more frequently. An IR tabletop exercise is recommended at least once annually to validate the effectiveness of the plan.
  4. How realistic is your IR plan to address the risks and mitigate the impacts of a cyber-attack?
    • Here are some aspects to consider when realistically addressing your IR plan:
      • Labor resources: Do you have enough staff on hand to jump onto an identified threat?
      • Cost resources: If the cyberattack damages operations more than expected, do you have the right teams in place? If not, how much will additional contracting cost?
      • Streamlined procedures: Do you have to engage with multiple vendors/contractors? How much operational damage is being done while coordinating?
  5. On a scale of 1 – 10, how confident are you in the ability to demonstrate security compliance (1 – low; 10 – high)?
    • If you answered anywhere below 10, you should strongly consider assessing your IT environment and creating steps to improve your cybersecurity posture.
    • CAI can help you by performing an initial assessment of your IT environment and making suggestions to help you raise your cybersecurity confidence.

How to jumpstart your cyber posture

CAI understands the challenges and threats faced by America’s local infrastructure departments. We are determined to provide cost-effective cybersecurity services without sacrificing service quality and operational performance. To provide an end-to-end, flexible cybersecurity suite, CAI has teamed up with proven, experienced partners enabling us to deliver maximum value to our clients. Additionally, clients can expect cyber threats to be detected faster and, if needed, a response team to rapidly deploy to stop cyber threats before they have a significant operational impact.

Our cybersecurity service starts with an initial assessment of your IT environment. Based on the findings, we prescribe only the services you need and advise you on the next steps towards protecting your department and constituents. To start your assessment, please complete the contact form, and our cybersecurity experts will reach out to you shortly.


  1. Stanish, Erika. “Municipal Water Authority of Aliquippa Hacked by Iranian-Backed Cyber Group.” CBS News, November 26, 2023.
  2. Lyngaas, Sean. “Federal Investigators Confirm Multiple US Water Utilities Hit by Hackers.” CNN, December 2, 2023.
  3. “Water and Wastewater Sector - Incident Response Guide.” Cybersecurity and Infrastructure Security Agency (CISA), December 7, 2023.
