Drinking Water Security Response Toolbox

This toolbox is designed to help water utilities plan for, prevent, and guide responses to security threats including general malevolent acts, cyberattacks, tampering, and violent acts.

Shield’s Up Initiative

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack.

Organizations should report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.

Preparing for malevolent acts

Malevolent acts, such as vandalism, tampering, violent acts, cybersecurity attacks, and terrorism attacks, pose a threat to water/wastewater utilities and are sometimes overlooked in Risk and Resilience Assessments as well as Emergency Response Planning efforts. Malevolent acts can affect your critical infrastructure by creating contamination events or by slowing or stopping your facility’s ability to function. This toolbox will help you prevent, detect, prepare for, and respond to tamping events and violent acts. 
  

• Planning resources: The department gathered resources to help your system prepare and respond to malevolent acts.
• Guidance: Report and Respond to Tampering Events or Security Threats.
• Join Colorado’s Water/Wastewater Agency Response Network (CoWARN).
  • To apply as a member or associate representative, email the following to the CoWARN Website Administrator:
    1. Name of your utility/organization.
    2. Name, email, and phone number of a primary contact (once registered you will be able to add more contacts).
  • In addition, all water/wastewater utilities must have an Authorized Official sign and submit the Mutual Aid Agreement in order to become a CoWARN member.
    1. Download and view the Mutual Aid and Assistance Agreement.
  • Call 1-877-518-5608 to report malevolent acts or threats just as you would call to report hazardous substance spills or incidents that pose a risk to public health at any time. See the above guidance for more information on reporting processes. 

Protecting against and responding to cybersecurity threats

Cybersecurity attacks, defined as assaults launched by cybercriminals using one or more computers against a single or multiple computers or networks, have recently increased. This toolbox will help you learn the basics of cybersecurity, how to protect your critical infrastructure, and how to respond to cybersecurity attacks. 

• Take the following steps to prepare your system from a cyberattack: 
  1. Backup data, system images, and configurations and keep the backups offline.
  2. Regularly download updates and patches for your system from software manufacturers. 
  3. Make sure your security solutions (such as malware) are up to date.
  4. Review and exercise your incident response plan.
  5. Pay attention to ransomware events and apply lessons learned.
     1. Visit the Cybersecurity and Infrastructure Security Agency’s (CISA) National Cyber Awareness System website. 
     2. Join one of CISA’s Information Sharing Networks to help you stay informed
  6. Create, maintain and deliver cybersecurity training for employees 
• Cybersecurity Resources: The department gathered resources to help your system prepare and respond to cybersecurity attacks. 
• Guidance: Respond and Report Cyberattacks is a guidance document that can be used when your water/wastewater facility experiences a cybersecurity event. It outlines what steps to take, how to report the event, and what to expect after reporting the event.