Cybersecurity Assessments

What is a cybersecurity assessment?

A cybersecurity assessment is a process that helps organizations identify, evaluate, and mitigate cyber risks to their operations, assets, and personnel. It involves analyzing vulnerabilities, threats, and security measures to enhance overall cybersecurity resilience. Cybersecurity assessments are not mandated by the Safe Drinking Water Act, but they are highly recommended.

Cybersecurity Assessment Request Form

Step 1
Breakdown of a cybersecurity assessment

Why is it important?

  • Cyber-attacks can impact public health.
  • Cyber criminals can gain access to protected employee and customer information.
  • Cyber-attacks could cause service disruptions.

What do they do and why are they done?

  • Ensure protection of operational and critical functions.
  • Enhance overall cybersecurity resilience.
  • Serve as the first step for a water supply to get cyber insurance coverage.
  • Establish a cybersecurity baseline for future comparisons.
  • Establishes a cybersecurity baseline for future comparisons.
  • Can be conducted internally or with external support.

What to expect during a cybersecurity assessment?

  • A cybersecurity assessment is an in-depth evaluation of your IT and Operational Technology (OT) critical infrastructure and encompasses the components listed in Step 2.
  • The cyber assessment generally takes 2-4 hours to perform.
  • The cyber assessor will use CISA's 38 goals.

Who will perform the cybersecurity assessment?

  • Cyber assessments can be performed by CISA, Michigan Command Center (MC3), or third-party vendors specializing in cybersecurity.

Step 2
Components of a cyber assessment

Identify:

  • Cybersecurity leadership within the organization
  • OT and IT equipment inventory
  • Vulnerabilities related to cybersecurity
  • Partnerships to enhance cybersecurity resiliency
  • Vendors and suppliers that are operating under best practices for cybersecurity

Protect:

  • The water supply by practicing password hygiene and credential management (unique credentials for each user and revoking credentials for departing employees)
  • The water supply by separating user and privileged accounts, segmenting OT and IT networks, monitoring unsuccessful login attempts on OT and IT networks, and incorporating multi-factor authentication
  • The water supply by regularly storing backups, creating incident response plans, managing login records, prohibiting connections of unauthorized devices, limiting OT connections to the public internet, etc.

Detect:

  • Having the capability to detect cyber actor Tactics, Techniques, and Procedures (TTPs) and to document the threats.

Respond:

  • By having Standard Operating Procedures (SOPs) in place for how to report and whom to contact in the event of a cybersecurity incident.

Recover:

  • Organizations are capable of safely and effectively recovering from a cybersecurity incident.

Step 3
Take the next step

Let's get started on your assessment:

Register for a cybersecurity assessment by completing the Cyber Assessment Request Form.