Cybersecurity

On March 18, 2024, the White House issued a press release addressed to governors nationwide, alerting them to a critical security threat facing water and wastewater systems in the U.S.. The communication highlighted that water systems, both large and small, are being targeted by foreign entities with malicious intent. The threat actors are actively seeking various avenues to gain unauthorized access to sensitive data files and records.

These attacks pose a significant risk of disrupting the essential services provided by water systems, potentially jeopardizing the supply of clean and safe drinking water. Moreover, they can impose substantial financial costs on affected communities. To raise awareness and understanding of this risk, we are providing descriptions of these threats and to seek your partnership in taking action to safeguard water systems and the communities they serve.

In response to these escalating threats, the Department of Environmental Quality (DEQ) is creating a Utah Public Water and Wastewater System Cybersecurity Plan. The objective of this plan is to assist all public drinking water and wastewater systems in immediate response, investigation, and isolation of cyberattacks by connecting them with top State and Federal cybersecurity experts and providing technical support during the incident.

Our goal is to promote statewide preparedness and provide support for responding to and recovering from any cyber incidents that may arise.

Utah Public Water and Wastewater System Cybersecurity Plan

Public Water System Notification Requirements

If a public water system suspects a cyberattack, it is imperative that they promptly initiate incident response measures. Security failures within water system technology could have cascading impacts across critical infrastructure. Responding immediately and effectively to a cyberattack is essential for minimizing potential damage to water systems.

Per R309-105-18, drinking water systems need to contact the Division of Drinking Water within eight hours if an emergency situation exists. R309-105-18(e) defines a threat or evidence of vandalism or sabotage that may affect the quality of delivered water as an emergency incident. The division will assist the water system with contacting top State and Federal cybersecurity experts for immediate support.

Resources

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) websites offer guidance, tools, training, resources, and technical assistance for water systems.

Contacts

State of Utah

24/7 Emergency response line (801) 536-4123
Report an incident online

24/7 Emergency response line (801) 560-8456

DTS-SOC@utah.gov
24/7 Emergency response line (801) 538-3011

Other

24/7 report@cisa.gov
24/7 (888) 282-0870

EmergencyResponse@rwau.net


Last Updated:

Categories:

Tags:

Back to top