Customer; NIST Cybersecurity Framework and IEC 62443 (Parts 2-1, 3-2)
A water plant approached exida to conduct a cybersecurity gap analysis and high-level risk assessment with the aim of abiding by the AWIA cybersecurity requirements. America's Water Infrastructure Act (AWIA) of 2018 requires community water systems serving 3,300 or more people to conduct a risk and resilience assessment and develop an emergency response plan that has to be updated every five years. Failure to conduct a gap analysis and risk assessment places the plant at a high risk of critical systems being attacked, direct losses, damages, or penalties due to data being exposed, weakened confidence in the organization, and reduced availability of systems or data. The water plant wanted us to deliver a combined gap and High-Level Risk Assessment (HLRA) report, prioritized recommendations, and a roadmap for implementing the solutions. Our team spent two days on the site undertaking a detailed process together with the water plant's personnel and team. The aim of the cybersecurity gap analysis was to reveal the plant's risks and weaknesses, to prevent attacks and direct losses.
Our team is well equipped with control system expertise, experience with practical implementation, provision of advisory services, and tool-based exSILentia CyberPHAxTM. We readily took up the project with the aim of going above and beyond the AWIA requirements while benchmarking against global best practices. We intended to provide the water plant with a tailored output to facilitate focusing improvement efforts on the higher risk/bigger payback activities.