Cybersecurity Assessments
What is a cybersecurity assessment?
A cybersecurity assessment is a process that helps organizations identify, evaluate, and mitigate cyber risks to their operations, assets, and personnel. It involves analyzing vulnerabilities, threats, and security measures to enhance overall cybersecurity resilience. Cybersecurity assessments are not mandated by the Safe Drinking Water Act, but they are highly recommended.
Why is it important?
- Cyber-attacks can impact public health.
- Cyber criminals can gain access to protected employee and customer information.
- Cyber-attacks could cause service disruptions.
What do they do and why are they done?
- Ensure protection of operational and critical functions.
- Enhance overall cybersecurity resilience.
- Serve as the first step for a water supply to get cyber insurance coverage.
- Establish a cybersecurity baseline for future comparisons.
- Can be conducted internally or with external support.
What to expect during a cybersecurity assessment?
- A cybersecurity assessment is an in-depth evaluation of your IT and Operational Technology (OT) critical infrastructure and encompasses the components listed in Step 2.
- The cyber assessment generally takes 2-4 hours to perform.
- The cyber assessor will be using CISA's 38 goals.
Who will perform the cybersecurity assessment?
- Cyber assessments can be performed by CISA, Michigan Command Center (MC3), or third-party vendors specializing in cybersecurity.
Identify:
- Cybersecurity leadership within the organization
- OT and IT equipment inventory
- Vulnerabilities related to cybersecurity
- Partnerships to enhance cybersecurity resiliency
- Vendors and suppliers that are operating under best practices for cybersecurity
Protect:
- Water supply by practicing password hygiene and credential management (unique credentials for each user and revoking credentials for departing employees)
- Water supply by separating user and privileged accounts, implementing network segmentation between OT and IT networks, monitoring unsuccessful login attempts on OT and IT networks, and incorporating multi-factor authentication
- Water supply by regularly storing backups, creating incident response plans, managing login records, prohibiting connections of unauthorized devices, limiting OT connections to public internet, etc.
Detect:
- Having the capability to detect cyber actor Tactics, Techniques, and Procedures (TTPs) and documenting the threats.
Respond:
- By having Standard Operating Procedures (SOPs) in place for how to report and whom to contact in the event of a cybersecurity incident.
Recover:
- Organizations are capable of safely and effectively recovering from a cybersecurity incident.
Let's get started on your assessment:
Register for a cybersecurity assessment by completing the Cyber Assessment Request Form.