NCCoE Releases Initial Public Draft of Cybersecurity for the Water and Wastewater Sector

The National Cybersecurity Center of Excellence (NCCoE) has released for public comment a draft of Cybersecurity for the Water and Wastewater Sector: Build Architecture, Operational Technologies Remote Access. The comment period is open through July 15, 2024. 

About the Project

This Technical Note describes the product agnostic remote access reference architectures and presents three remote access example solutions the NCCoE plans to demonstrate as part of the Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems project. The Technical Note presents a traditional on-premises remote access reference architecture and two example solutions: one for medium to large water and wastewater systems (WWS) and one for very small to small WWS. A cloud-based remote access reference architecture and example solution are also described.  

We are first addressing the remote access scenario and describing architectures and example solutions which allow authorized access to a water or wastewater utility’s Operational Technology (OT) assets. Subsequent publications will address the other identified risk scenarios and solutions.

Submit Your Comments

The public comment period for the draft is open until 11:59 p.m. EST on July 15, 2024. Visit the NCCoE Securing Water and Wastewater Utilities project page for the draft publication and comment form.

Join our Community of Interest

If you have expertise in Cybersecurity for the Water/Wastewater Sector and would like to help shape this or future projects, please consider joining our Community of Interest (COI). You can become a COI member by completing the sign-up form on our project page.