NIST’s National Cybersecurity Center of Excellence (NCCoE) has released for public comment a draft of Cybersecurity for the Water and Wastewater Sector: Build Architecture, Operational Technologies Remote Access. The comment period is open through July 15, 2024.
This Technical Note describes the product agnostic remote access reference architectures and presents three remote access example solutions the NCCoE plans to demonstrate as part of the Cybersecurity for the Water and Wastewater Sector: A Practical Reference Design for Mitigating Cyber Risk in Water and Wastewater Systems project. The Technical Note presents a traditional on-premises remote access reference architecture and two example solutions: one for medium to large water and wastewater systems (WWS) and one for very small to small WWS. A cloud-based remote access reference architecture and example solution are also described.
The NCCoE first plans to address the remote access scenario and describing architectures and example solutions which allow authorized access to a water or wastewater utility’s Operational Technology (OT) assets. Subsequent publications will address the other identified risk scenarios and solutions.
Visit NCCoE’s Securing Water and Wastewater Utilities page to learn more about this project and submit comments.