NAWC worked with key stakeholders to develop Cybersecurity Pillars to serve as guiding principles around cybersecurity, compliance, and the sector’s path forward on this key issue.
In its Cybersecurity Pillars, NAWC supports:
State and Federal Initiatives to Create Universal Standards
NAWC member companies support state and federal initiatives aimed at driving uniform cybersecurity compliance for all drinking water and wastewater system operators across the nation.
Efforts to Reexamine Cybersecurity Oversight
NAWC supports the efforts of the Biden Administration and congressional leadership to reexamine the drinking water and wastewater sector’s cybersecurity oversight model and embraces requirements such as mandating risk-based foundational standards.
Establishing North American Water Reliability Council
NAWC supports efforts to establish a North American Water Reliability Council (NAWRC) to manage the development of compliance standards and to audit utility implementation. This entity would mirror the NERC model used by the electric sector. NAWRC would be an independent, sector-led organization, not a government agency.
Creation of Federal Division to Oversee Reliability Council
NAWC supports the creation of a new FERC-like regulatory office within the EPA’s Office of the Administrator to oversee the North American Water Reliability Council’s (NAWRC’s) proposed compliance standards for the drinking and wastewater sector.
Federal Funding to Support Security Information Sharing
NAWC supports federal funding to utilize, and enhance, the Water Information Sharing and Analysis Center (WaterISAC) to directly support drinking water and wastewater utilities by providing, promoting, and sharing voluntary operational, physical, and cybersecurity-based information and best practices with the sector.
Uniform, Timely Incident Reporting
NAWC supports legislative and administrative measures to protect against ransomware attacks and other known “threat vectors” to information technology and operational technology systems and report cybersecurity attacks to the Cybersecurity & Infrastructure Security Agency (CISA) within prescribed timeframes.
Registration with CISA Hygiene Services
NAWC supports actions that require all drinking water and wastewater system operators to register for CISA’s Cyber Hygiene Services.
Comprehensive Physical and Cybersecurity Strategies
NAWC and its member companies agree that comprehensive physical and cybersecurity strategies must continue to evolve and supports the development of effective policies that encourage:
- More collaboration between the energy, water and gas sectors through cross-training, grid exercises, and information sharing;
- The formation of a cyber mutual assistance program that would bring industry experts together to support restoration following cyber incidents that impact operations.
NAWC and its member companies have the technical capability and the financial capacity to tackle these challenges using the Cyber Pillars as our guide. While the risks and threats to the water sector continue to grow and become more sophisticated, NAWC’s member companies remain committed to continuing efforts to strengthen their cybersecurity defenses.