Water utility cybersecurity assessment FAQs

Some water utilities or water-related businesses do not have cybersecurity expertise on staff, therefore it is a great idea for the water sector to begin their cybersecurity journey with a focus on incident response. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Environmental Protection Agency (EPA) in the U.S. recently published an incident response guide for the water and wastewater sector. This document has many free and helpful tips and resources, and the entire incident response cycle is described in the document: Prepare, detect/analyze, contain/eradicate/recover, post-incident analysis.

Digital technologies can be used to solve major water challenges and help you to improve on your operations. As digital technologies are adopted, there is also a growing need to ensure cybersecurity protections are included.

Xylem’s cybersecurity assessment services and Dragos’s incident response can help to strengthen your cybersecurity defenses and ease concerns about using digital technologies. Xylem currently offers five cybersecurity assessment services: architecture review, vulnerability review, maturity assessment, and a health check (learn more about these four services here). We have also partnered with Dragos to offer their incident response retainer. An added benefit of Dragos’s incident response is that any prepaid retainer hours that are not used to remediate a cybersecurity incident can be applied to any Dragos professional service offerings, including training, threat hunting, and assessment services. 

Five services are currently offered. You can purchase just one or any combination of the services. For help with determining which cybersecurity assessment service(s) may be most beneficial for your team, contact us.

Contact us to determine whether a maturity assessment is right for you. If so, we will work together to review your team’s skills and to determine opportunities to help you improve on minimizing the impact related to cyber threats and incidents.

We will work with your team via virtual workshops to ensure they understand the background of why any remediation(s) have been suggested and how to close any gaps. After each assessment service is completed, your team will receive a prioritized and detailed roadmap of gap remediations. 

Our services can help you to protect digital technologies delivered by Xylem or other providers. At Xylem, our vision is to solve water challenges. This includes helping you to keep water safe and secure no matter what technology you decide to use.

Prepaid retainer hours are flexible and can be applied to any Dragos professional service offerings, including training, threat hunting, and assessment services.

It is sold in bundles of 80-400 hours depending on your utility’s / environment’s complexity. Dragos agrees to specific response time service level agreement (SLA) commitments for their incident response customers. 

Please contact us and someone from the cybersecurity team will reach out to you shortly.