Since 2004, October has been declared Cybersecurity Awareness Month, a national initiative to raise awareness about the importance of cybersecurity and empower individuals and organizations to protect their data and systems. The EPA has Water Webinars for this month, the URL is Join EPA’s Water Webinars for Cybersecurity Awareness Month | US EPA.

Over the years, it has grown into a collaborative effort between government and industry to enhance cybersecurity awareness, encourage actions by the public to reduce online risk and generate discussion on cyber threats on a national and global scale. In today’s digital world, cyber threats are more sophisticated and frequent than ever. 

From phishing scams and ransomware to data breaches and identity theft, the risks we face are real—and growing. 

This month focuses on the theme “Building a Cyber Strong America. This initiative, led by the Cybersecurity and Infrastructure Security Agency (CISA), aims to enhance cybersecurity awareness and resilience among individuals, organizations, cities, towns, and counties Key activities include:

• Educating the public about common cyber threats and best practices for safeguarding digital assets.
• Promoting the adoption of safe online practices, such as creating strong passwords, enabling multifactor authentication, and recognizing and reporting scams.
• Encouraging participation through various events and resources provided by CISA and other organizations. 

The threat of cyberattacks against water systems has increased in recent years, and SCDES BOW and EPA continues to work with these water systems to implement best management practices to swiftly address any cybersecurity concerns as they arise.

To help water and wastewater utilities stay informed about recent cybersecurity threats, the below information and links provide resources and information from Environmental Protection Agency (EPA), Cybersecurity and Infrastructure Security Agency (CISA), Water Information Sharing and Analysis Center (WaterISAC), American Water Works Association (AWWA).

Please report any suspected criminal cyber activity to FBI and/or CISA as quickly as possible. The EPA/WaterISAC Joint Advisory on Potential Threat to Critical Infrastructure and CISA’s Shields Up Website contain the latest information and developments.

Resources

• AWWA: Resources on Cybersecurity
• EPA: Cybersecurity Best Practices for the Water Sector
• EPA: Incident Action Checklist - Cybersecurity
• EPA: Supporting Cybersecurity Measures with the Clean Water State Revolving Fund
• EPA: Supporting Cybersecurity Measures with the Drinking Water State Revolving Fund
• Hampton Roads Sanitation District - Roundtable on Cyber Incidents and the Public Sector Presentation
• Joint Cybersecurity Advisory - Compromise of U.S. Treatment Water Treatment Facility
• WaterISAC - 15 Cybersecurity Fundamentals
• WaterISAC - Advisory on New Egregor Ransomware Incident at Large Metropolitan Water Utility
• White House - What We Urge You To Do To Protect Against the Threat of Ransomware
• *FACT SHEET: Water Vulnerability Scanning
• Top Cyber Actions for Securing Water Systems