The Algorithm
Compliance Engineering · Energy & Utilities · 11 min read · 2026-06-04

Water Utility OT Security: America's Water Infrastructure and the Cybersecurity Gap

3,300: Minimum population served threshold triggering AWIA 2018 risk and resilience assessment obligation
America's water and wastewater systems are regulated under the Safe Drinking Water Act Section 1433, as amended by AWIA 2018, which requires community water systems serving more than 3,300 persons to conduct a Risk and Resilience Assessment and certify completion to the EPA Administrator. The 2021 Oldsmar, Florida incident — where an attacker accessed a water treatment SCADA system via remote desktop and attempted to increase sodium hydroxide to dangerous levels — demonstrated the operational consequence of unsecured OT. CISA's water sector guidelines and EPA's cybersecurity advisories provide a framework, but the engineering work to implement segregated OT networks, secure remote access, and anomaly detection in aging SCADA infrastructure falls entirely on the utility.
