Cybersecurity Consultations Available Now
Overview
New York’s Commitment to Cybersecurity
Governor Kathy Hochul has launched a comprehensive cybersecurity initiative to strengthen and protect water systems statewide. Cybersecurity threats are rising rapidly – with more than 32,000 information security incidents reported nationally in 2023 alone. Drinking water and wastewater utilities in communities large and small are increasingly targeted, as attackers exploit vulnerabilities like default passwords, unsecured remote access, and outdated security practices. A cybersecurity incident can cost money, time, and valuable resources – and potentially halt water services.
Under Governor Hochul’s leadership, EFC will deliver financial and technical assistance to help communities fortify their systems and bolster cybersecurity defenses. This includes launching new grant program and expanding support from its Community Assistance Teams.
As EFC develops these programs, the Community Assistance Teams are providing resources to help communities take immediate action to strengthen their cybersecurity. This hub will be regularly updated. Sign up for emails from EFC to be the first to know when grant opportunities launch and new resources become available.
Cybersecurity Resources
Learn the Risks, Take Action
Webinar Recording: Cybersecurity Tips and First Steps
Learn about cybersecurity basics for the water industry, get an in-depth look at EFC’s 12 First Steps for Cybersecurity Preparedness, and hear more about new State cybersecurity initiatives through EFC and our partner agencies.
Video: Cybersecurity 101
Not sure what cybersecurity really means for your water or wastewater system? This video from the U.S. Environmental Protection Agency (EPA) explains the basics in plain language. It covers the difference between your office computers and the systems that run your pumps and valves, how hackers try to get in, and what simple steps you can take to stop them.
RTC Number 25274-25 | Credit available: 0.5 contact hours
Online Course: Basic Cybersecurity Measures
Once you understand the basics of cybersecurity, we recommend this self-paced, interactive course that walks you through practical steps your team can take to protect your systems. You'll learn how to set up stronger passwords, manage who has access, keep your software up to date, and respond to a cyberattack. Originally created for the Massachusetts Department of Environmental Protection, this course counts toward training hours for certified operators in New York State.
RTC Number 25347-25 | Credit available: 1 contact hour
EPA’s Water Sector Cybersecurity Evaluation Program
Did you know performing a cybersecurity assessment could reduce the risk of a cyber attack by up to 45%?
Drinking water and wastewater utilities can use this form to request a free cybersecurity assessment. This evaluation will provide the assessed utility with a risk mitigation template to help understand discovered cybersecurity vulnerabilities and provide guidance on enhancing overall cybersecurity posture.
Security Controls: How Does Your System Compare?
Want to see how your system stacks up? This worksheet helps you review your current security measures and spot areas that need improvement. It’s based on widely accepted best practices from the Center for Internet Security and is a great tool to start planning your next steps.
12-Step Checklist
Improve your system’s defenses with these easy first steps recommended by the Community Assistance Teams. The resources above will help prepare you to take the actions listed below. Act today to avoid a cybersecurity incident tomorrow.
- Change default passwords
- Use strong passwords and implement a password policy
- Enforce access controls
- Take inventory of all assets
- Back up both operational and informational systems
- Keep all software updated
- Develop an incident response plan
- Enable multifactor authentication
- Learn how to identify phishing attempts
- Ensure operational systems are not accessible via unsecured internet connections
- Apply user privilege management
- Review our cybersecurity resources