Drinking Water Security Response Toolbox

This toolbox is designed to help water utilities plan for, prevent, and guide responses to security threats including general malevolent acts, cyberattacks, tampering, and violent acts.

Call the 24/7 acute phone line at 1-877-518-5608 to report malevolent acts or threats just as you would call to report hazardous substance spills or incidents that pose a risk to public health. Additionally, please fill out this Tampering Threat and Incident Report Form. See the below guidance for more information on the required reporting processes. 

Preparing for malevolent acts

Malevolent acts, such as vandalism, tampering, violent acts, cybersecurity attacks, and terrorism attacks, pose a threat to water/wastewater utilities and are sometimes overlooked in Risk and Resilience Assessments as well as Emergency Response Planning efforts. Malevolent acts can affect your critical infrastructure by creating contamination events or by slowing or stopping your facility’s ability to function. This toolbox will help you prevent, detect, prepare for, and respond to tamping events and violent acts. 

• Planning resources: The department gathered resources to help your system prepare and respond to malevolent acts.
• Guidance: Report and Respond to Tampering Events or Security Threats.
• Join Colorado’s Water/Wastewater Agency Response Network (CoWARN).
  • To apply as a member or associate representative, email the following to the CoWARN Website Administrator:
    1. Name of your utility/organization.
    2. Name, email, and phone number of a primary contact (once registered you will be able to add more contacts).
  • In addition, all water/wastewater utilities must have an Authorized Official sign and submit the Mutual Aid Agreement in order to become a CoWARN member.
    1. Download and view the Mutual Aid and Assistance Agreement.

Protecting against and responding to cybersecurity threats

Cybersecurity attacks, defined as assaults launched by cybercriminals using one or more computers against a single or multiple computers or networks, have recently increased. This toolbox will help you learn the basics of cybersecurity, how to protect your critical infrastructure, and how to respond to cybersecurity attacks. 

• Take the following steps to prepare your system from a cyberattack: 
  1. Backup data, system images, and configurations and keep the backups offline.
  2. Change work and personal passwords regularly.
  3. Use multi-factor authentication for all system access.
  4. Regularly download updates and patches for your system from software manufacturers. 
  5. Make sure your security solutions (such as malware) are up to date.
  6. Review and exercise your incident response plan.
  7. Pay attention to ransomware events and apply lessons learned.
     1. Visit the Cybersecurity and Infrastructure Security Agency’s (CISA) National Cyber Awareness System website. 
     2. Join one of CISA’s Information Sharing Networks to help you stay informed
  8. Create, maintain and deliver cybersecurity training for employees 
• Cybersecurity Resources: The department gathered resources to help your system prepare and respond to cybersecurity attacks. 
• Guidance: Respond and Report Cyberattacks is a guidance document that can be used when your water/wastewater facility experiences a cybersecurity event. It outlines what steps to take, how to report the event, and what to expect after reporting the event.