EPA Cybersecurity Exam for Utilities

 

Recently, the EPA was mandated to implement cybersecurity best practices for water & wastewater utilities, with a focus on small systems.

Can your utility pass their 10-question cybersecurity exam?

Does your utility or business…

  1. Keep an inventory of control system devices and ensure this equipment is not exposed to networks outside the utility?

Never allow any machine on the control network to “talk” directly to a machine on the business network or the Internet.

  2. Segregate networks and apply firewalls?

Classify IT assets, data, and personnel into specific groups, and restrict access to these groups.

  3. Use secure remote access methods?

A secure method, like a virtual private network, should be used if remote access is required.

  4. Establish roles to control access to different networks and log system users?

Role-based controls will grant or deny access to network resources based on job functions.

  5. Require strong passwords and have different passwords for different accounts?

Use strong passwords and have different passwords for different accounts.

  6. Stay aware of vulnerabilities and implement patches and updates when needed?

Monitor for and apply IT system patches and updates.

  7. Enforce policies for the security of mobile devices?

Limit the use of mobile devices on your networks and ensure devices are password protected.

  8. Have an employee cybersecurity training program?

All employees should receive regular cybersecurity training.

  9. Involve utility executives in cybersecurity?

Organizational leaders are often unaware of cybersecurity threats and needs.

  10. Monitor for network intrusions and have a plan in place to respond?

Be capable of detecting a compromise quickly and executing an incident response plan.

For more information, see the link below or contact TPM by United Systems:

https://www.epa.gov/waterriskassessment/water-sector-cybersecurity-brief-states