Joint Water Sector and Government Coordinating Council Meeting Results in New Cyber Strategy

On May 19th, the Water Sector Coordinating Council (water and wastewater utility representatives) and the Government Coordinating Council (Federal and state government representatives) met and voted to accept the recommendations of a joint working group that has been looking at the best path forward for the Water Sector “…to promote and facilitate use of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity.”
The Workgroup was charged with achieving three principal objectives:

  • Recommend approaches for cyber outreach and training
  • Assess gaps in available cyber guidance, tools, and resources
  • Identify measures of success for the Water Sector

In response, the Workgroup has found that to increase the adoption and use of the NIST Cybersecurity Framework, the Water Sector needs:

  • Increased motivation to use the Cybersecurity Framework by increasing Water Sector knowledge of cybersecurity threats and demonstrating the business case (e.g., return on investment) for cybersecurity controls;
  • Enhanced capability to implement the Cybersecurity Framework through increased technical and implementation support to Water Sector utilities, and increased support to assistance providers; and
  • A stronger cybersecurity culture throughout the Water Sector that would encourage and support use of the Cybersecurity Framework, by embedding it as part of business as usual for utilities by improving the availability of information and lowering the cost of cybersecurity adoption.

A briefing summary of the full Report is attached.  ASDWA will share the final report as soon as it becomes available.  ASDWA will keep states informed as efforts move forward to begin to implement these recommendations.  States are represented on the GCC by Johnna McKenna (NH), Jon Dilliard (MT) and Bridget O’Grady (ASDWA).  Jason Minnich (PA) participated on the Cyber Strategy Working Group that developed these recommendations.
Attachment – Cyber Briefing Summary