The National Institute of Standards and Technology (NIST) plans to create a cybersecurity practice guide for the water and wastewater utilities sector, according to an announcement published last week.
The National Cybersecurity Center of Excellence (NCCoE) is seeking feedback from all stakeholders in water and wastewater systems to design the planned reference architecture, but is especially interested in hearing from small, medium, and large water utilities.
“The U.S. Water and Wastewater Systems sector has been undergoing a digital transformation,” NIST’s project description said.
“Many sector stakeholders are utilizing data-enabled capabilities to improve utility management, operations, and service delivery,” it said. “The ongoing adoption of automation, sensors, data collection, network devices, and analytic software may also increase cybersecurity-related vulnerabilities and associated risks.”
The increased adoption of technologies by the critical infrastructure sector merits the development of best practices, guidance, and solutions to ensure that the cybersecurity posture of facilities is safeguarded, NIST said.
The NCCoE project will determine common scenarios for cybersecurity risks among water utilities. It will profile several areas: asset management, data integrity, remote access, and network segmentation. Additionally, the NCCoE will explore the utilization of existing commercially available products to mitigate and manage these risks.
The public comment period on the draft project description is open until Dec. 19.