Water Utilities & Cybersecurity

*Page Updated May 23, 2024

EPA Enforcement Alert for Community Water Systems

On May 20th, 2024, the EPA issued an Enforcement Alert concerning Drinking Water Systems need to address Cybersecurity vulnerabilities.  This Enforcement Alert provides community water systems (CWSs) with information on immediate steps the Water Systems can take to ensure compliance with SDWA Section 1433 and to reduce cybersecurity vulnerabilities. Section 1433 of Safe Drinking Water Act requires Community Water Systems serving more than 3,300 people to conduct Risk & Resilience Assessments, develop Emergency Response Plans, and certify their completion to the EPA. These assessments and plans must include Cybersecurity. The Enforcement Alert also outlines steps the EPA will take to increase enforcement activity to protect the nation’s drinking water.

The Enforcement alert can be reviewed at: Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities | US EPA

image of circuitry and a lock


To help water and wastewater utilities stay informed about recent cybersecurity threats, the below information and links provide resources and information from Environmental Protection Agency (EPA), Cybersecurity and Infrastructure Security Agency (CISA), Water Information Sharing and Analysis Center (WaterISAC), American Water Works Association (AWWA).

Please report any suspected criminal cyber activity to FBI and/or CISA as quickly as possible. The EPA/WaterISAC Joint Advisory on Potential Threat to Critical Infrastructure and CISA’s Shields Up Website contain the latest information and developments.