15 Cybersecurity Fundamentals

for Water and Wastewater Utilities

Great list originally published by WaterISAC on the 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. Easy to consume info-share for those looking for high-level guidance:

1. Perform Asset Inventories

2. Assess Risks

3. Minimize Control System Exposure

4. Enforce User Access Controls

5. Safeguard from Unauthorized Physical Access

6. Install Independent Cyber-Physical Safety Systems

7. Embrace Vulnerability Management

8. Create a Cybersecurity Culture

9. Develop and Enforce Cybersecurity Policies and Procedures

10. Implement Threat Detection and Monitoring

11. Plan for Incidents, Emergencies, and Disasters

12. Tackle Insider Threats

13. Secure the Supply Chain

14. Address All Smart Devices (IoT, IIoT, Mobile, etc.)

15. Participate in Information Sharing and Collaboration Communities