The web Browser you are currently using is unsupported, and some features of this site may not work as intended. Please update to a modern browser such as Chrome, Firefox or Edge to experience all features Michigan.gov has to offer.
Cybersecurity for the Water Sector
Cybersecurity for the Water Sector
The Michigan Cyber Command Center (MC3) is responsible for the coordination of combined efforts of cyber emergency response during critical cyber incidents in Michigan. Emphasis is placed upon prevention, response, and recovery from cyber incidents.
MC3 works collaboratively with the Michigan Department of Environment, Great Lakes, and Energy (EGLE), the Cybersecurity and Infrastructure Agency (CISA), Federal Bureau of Investigation (FBI), and the U.S. Environmental Protection Agency (EPA) to provide an overview of the cyber threats facing the water sector (drinking water, wastewater, industrial storm water) and additional resources that you can use to learn more about cybersecurity best practices and reducing the risk of cybersecurity threats. EGLE recommends that water sector utilities contact the MC3 to initiate criminal investigative assistance and response as soon as a critical cyber incident is identified.
- June 12, 2024 - Phone Scammers Impersonating CISA Employees
- April 30, 2024 - Unitronics Vision Legacy Series (Update A)
- March 29, 2024 - CISA Fact Sheet: Actions for Critical Infrastructure Leaders
- January 18, 2024 - CISA Water and Wastewater Sector - Incident Response Guide
- November 28, 2023 - Exploitation of Unitronics PLCs used in Water and Wastewater Systems
Trainings and webinars
Previously recorded trainings:
- Cybersecurity for the water sector - A dip into digital defense
(1 hour, 3 minutes)
Cybersecurity best practices
To prevent the potential compromise of your water utility, it is important to take the following steps:
- Ensure all default passwords are changed to a complex and unique 16-character password.
- Require multifactor authentication.
- Review and apply the latest security patches and updates provided by your hardware/software vendor.
- Continuously monitor network traffic and system logs for suspicious activity.
- Keep up-to-date offline backups.
Other steps to take:
- Educate employees about the risks of phishing attacks and social engineering tactics cyber adversaries may use to gain unauthorized access.
- Conduct regular cybersecurity training sessions for employees to enhance awareness.
- Consider engaging cybersecurity experts for a comprehensive assessment of your water utility’s digital infrastructure to identify potential vulnerabilities.