Skip to main content

EGLE spearheads effort to develop a strategy for cybersecurity preparedness and response for water and wastewater operators in Michigan

As part of National Preparedness Month, the Michigan Department of Environment, Great Lakes, and Energy (EGLE) is highlighting its recent effort to develop a preparedness strategy for drinking water and wastewater treatment plant operators in Michigan.

Vector illustration of a data security services.

EGLE was tasked to lead the multi-agency development of Michigan's plan and to spearhead the outreach to all operators in the state of Michigan.

“When it comes to emergency response, a key strategy for success is knowing the right partners and leveraging their strengths,” said Jay Eickholt, EGLE’s emergency management coordinator. “That is why EGLE has partnered with the Michigan Cyber Command Center (MC3), Michigan State Police, and Michigan Department of Technology, Management, and Budget (DTMB). Through this partnership, the state has been able to conduct free security awareness training, provide educational resources, and support an online library of technical guides all related to cybersecurity,” he added.

The resources provided through EGLE and the Environmental Protection Agency will assist water sector operators in reviewing their internal processes and systems to threats both online and in person. EGLE encourages all operators to review the guidance and make an emergency response plan that includes cyber threats that are becoming more prevalent, including cybersecurity best practices and other steps.

Cybersecurity best practices

To prevent the potential compromise of your water utility, it is important to take the following steps:

  1. Ensure all default passwords are changed to a complex and unique 16-character password.
  2. Require multifactor authentication.
  3. Review and apply the latest security patches and updates provided by your hardware/software vendor.
  4. Continuously monitor network traffic and system logs for suspicious activity.
  5. Keep up-to-date offline backups.

Other steps to take:

  • Educate employees about the risks of phishing attacks and social engineering tactics cyber adversaries may use to gain unauthorized access.
  • Conduct regular cybersecurity training sessions for employees to enhance awareness.
  • Consider engaging cybersecurity experts for a comprehensive assessment of your water utility’s digital infrastructure to identify potential vulnerabilities.