Powering Strong Communities
Security and Resilience (Cyber and Physical)

CISA, FBI, and EPA Release Cyber Incident Response Guide for Water and Wastewater Systems Sector 

The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Environmental Protection Agency on Jan. 18 published a guide to assist owners and operators in the water and wastewater systems sector with best practices for cyber incident response and information about federal roles, resources, and responsibilities for each stage of the response lifecycle.

CISA said that technical expertise is not required to understand and use the guide

Developed in collaboration with over 25 water and wastewater systems sector industry, nonprofit, and state/local government partners, the resource covers the four stages of the incident response lifecycle:  


Water and wastewater systems sector organizations “should have an incident response plan in place, implement available services and resources to raise their cyber baseline, and engage with the water and wastewater systems sector cyber community.”  

Detection and analysis

“Accurate and timely reporting and rapid collective analysis are essential to understand the full scope and impact of a cyber incident.” The guidance provides information on validating an incident, reporting levels, and available technical analysis and support.   

Containment, eradication, and recovery

While water and wastewater systems sector utilities are conducting their incident response plan, federal partners are focusing on coordinated messaging and information sharing, and remediation and mitigation assistance.  

Post-incident activities

Evidence retention, using collected incident data, and lessons learned are the overarching elements for a proper analysis of both the incident and how responders handled it.  

“In the new year, CISA will continue to focus on taking every action possible to support ‘target-rich, cyber-poor’ entities like WWS [water and wastewater systems] utilities by providing actionable resources and encouraging all organizations to report cyber incidents,” said CISA Executive Assistant Director for Cybersecurity Eric Goldstein.

“Our regional team members across the country will continue to engage with WWS partners to provide access to CISA’s voluntary services, such as enrollment in our Vulnerability Scanning, and serve as a resource for continued improvement,” he said.  

All water and wastewater systems utilities are encouraged to use this incident response guide to augment their incident response planning and collaboration with federal partners and the water and wastewater systems before, during, and following a cyber incident.

Familiarity with this guide will better prepare water and wastewater systems utilities to respond to and recover from a cyber incident, CISA said.  

For more information and resources, water and wastewater systems utilities are encouraged to visit CISA’s Water and Wastewater Systems Cybersecurity webpage.