Cybersecurity Hub

EFC provides grant funding and no-cost technical assistance to help local governments and eligible entities strengthen the cybersecurity of their drinking water and wastewater systems. This program is part of Governor Kathy Hochul's comprehensive cybersecurity initiative to strengthen and protect water infrastructure statewide. The Strengthening Essential Cybersecurity for Utilities and Resiliency Enhancement (SECURE) grant program, together with hands-on support from the  Community Assistance Teams, equips local governments with the tools to prevent, detect, and respond to increasingly sophisticated and dangerous cyber threats to critical water infrastructure while strengthening services that millions of New Yorkers rely on every day.

Webinar Recording: Cybersecurity Tips and First Steps

Learn about cybersecurity basics for the water industry, get an in-depth look at EFC’s 12 First Steps for Cybersecurity Preparedness, and hear more about new State cybersecurity initiatives through EFC and our partner agencies.

Watch on YouTube

Video: Cybersecurity 101

Not sure what cybersecurity really means for your water or wastewater system? This video from the U.S. Environmental Protection Agency (EPA) explains the basics in plain language. It covers the difference between your office computers and the systems that run your pumps and valves, how hackers try to get in, and what simple steps you can take to stop them.

RTC Number 26194-26C | Credit available: 0.5 contact hours

View trainings on EPA'S website

Online Course: Basic Cybersecurity Measures

Once you understand the basics of cybersecurity, we recommend this self-paced, interactive course that walks you through practical steps your team can take to protect your systems. You'll learn how to set up stronger passwords, manage who has access, keep your software up to date, and respond to a cyberattack. Originally created for the Massachusetts Department of Environmental Protection, this course counts toward training hours for certified operators in New York State.

RTC Number 26193-26C | Credit available: 1 contact hour

View the Course

EPA’s Water Sector Cybersecurity Evaluation Program

Did you know performing a cybersecurity assessment could reduce the risk of a cyber attack by up to 45%?

Drinking water and wastewater utilities can use this form to request a free cybersecurity assessment. This evaluation will provide the assessed utility with a risk mitigation template to help understand discovered cybersecurity vulnerabilities and provide guidance on enhancing overall cybersecurity posture.

Request a free cybersecurity evaluation

Security Controls: How Does Your System Compare?

Want to see how your system stacks up? This worksheet helps you review your current security measures and spot areas that need improvement. It’s based on widely accepted best practices from the Center for Internet Security and is a great tool to start planning your next steps.

Download Center for Internet Security Controls

12-Step Checklist

Improve your system’s defenses with these easy first steps recommended by the Community Assistance Teams. The resources above will help prepare you to take the actions listed below. Act today to avoid a cybersecurity incident tomorrow.

1. Change default passwords
2. Use strong passwords and implement a password policy
3. Enforce access controls
4. Take inventory of all assets
5. Back up both operational and informational systems
6. Keep all software updated
7. Develop an incident response plan
8. Enable multifactor authentication
9. Learn how to identify phishing attempts
10. Ensure operational systems are not accessible via unsecured internet connections
11. Apply user privilege management
12. Review our cybersecurity resources

Download the Checklist (PDF)