Skip to main content

Cybersecurity for the Water Sector

Vector illustration of a data security services.
Environment, Great Lakes, and Energy

Cybersecurity for the Water Sector

Contact

Michigan Cyber Command Center
MC3@Michigan.gov
877-MI-CYBER (877-642-9237)

The Michigan Cyber Command Center (MC3) is responsible for the coordination of combined efforts of cyber emergency response during critical cyber incidents in Michigan. Emphasis is placed upon prevention, response, and recovery from cyber incidents.

MC3 works collaboratively with the Michigan Department of Environment, Great Lakes, and Energy  (EGLE), the Cybersecurity and Infrastructure Agency (CISA), Federal Bureau of Investigation (FBI), and the U.S. Environmental Protection Agency (USEPA) to provide an overview of the cyber threats facing the water sector (drinking water, wastewater, industrial storm water) and additional resources that you can use to learn more about cybersecurity best practices and reducing the risk of cybersecurity threats. EGLE recommends that water sector utilities contact the MC3 to initiate criminal investigative assistance and response as soon as a critical cyber incident is identified.

Cybersecurity Best Practices

To prevent the potential compromise of your water utility, it is important to take the following steps:

  1. Ensure all default passwords are changed to a complex and unique 16-character password.
  2. Require multifactor authentication.
  3. Review and apply the latest security patches and updates provided by your hardware/software vendor.
  4. Continuously monitor network traffic and system logs for suspicious activity.
  5. Keep up-to-date offline backups.

Other steps to take:

  • Educate employees about the risks of phishing attacks and social engineering tactics cyber adversaries may use to gain unauthorized access.
  • Conduct regular cybersecurity training sessions for employees to enhance awareness.
  • Consider engaging cybersecurity experts for a comprehensive assessment of your water utility’s digital infrastructure to identify potential vulnerabilities.