.jpg)
.jpg)
Mitigating Cyber Threats to Critical Water Supplies
The 2021 Water Quality Accountability Act (WQAA) required state water purveyors to develop programs that identify cyber threats. Interpreting this complex framework was necessary to protect diverse assets, including wells and filtration plants, while securing essential insurance coverage against evolving malevolent acts.
Implementing a CIS-CSC Cybersecurity Framework
Utilizing the Center for Internet Security (CIS) Critical Security Controls (CSC) framework, our team performed a comprehensive analysis of the city’s specific use cases. This data-driven approach allowed for the identification of top priorities and "quick wins" that could be easily implemented for high impact. By translating raw vulnerability data into a prioritized planning document, the project bridged the gap between technical risk and actionable security measures. The team interpreted the cybersecurity framework specifically to meet the city's unique operational needs, developing reporting protocols and response plans in accordance with National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO) standards. This focused effort ensured that the city’s operational technology met enhanced state standards while providing a clear roadmap for awareness and training programs. These solutions allow the city to move from raw data monitoring to a proactive infrastructure defense.
Demonstrating WQAA Legislative Compliance
The city successfully demonstrated compliance with the Water Quality Accountability Act. Delivering a final report to state integration cells secured the city’s standing and improved its ability to manage cybersecurity risks across its entire water supply system.
.jpg)