WaterNewswatch

Cybersecurity Fundamentals for Water and Wastewater Utilities

March 4-5, 2024 | Online

Click Here to register $1195

If you are unable to attend at the scheduled date and time, we make recordings available to all registrants for three business days after the event

The Cybersecurity Fundamentals course for water and wastewater utility professionals will provide a general overview of successful cybersecurity program development. Designed for organizational leaders in the water and wastewater industry, this online course provides practical knowledge of basic security measures that can be implemented to address risks associated with the most common cyberattacks. 

The key take-away from this course is to provide organizational leadership with knowledge needed to be able to ask their team of cybersecurity professionals the right questions when conducting an internal assessment of their organization’s cybersecurity posture and ability to be resilient to cyberattacks. 

Register today to learn about:

  • The most common cyber threats
  • Specific counter measures that can be employed by any organization
  • The role organizational culture plays in impacting risk-mitigating activities against water and wastewater facilities’ critical infrastructure
  • Leaders will also develop an understanding of how people, processes and technology all work together to improve cyber defense efforts

Learning Outcomes

  • Analyze leading trends in next-gen cyber challenges and innovative solutions
  • Describe and compare cybersecurity frameworks and compliance models
  • Discuss social engineering, ransomware, and email/media channel compromise mitigation
  • Discuss identification and protection of high value assets in critical infrastructures
  • Review assessment and risk management approaches and incident management methods
  • Examine supply chain and partner risks and cyber contracting and litigation issues
  • Communicate strategies for effective cybersecurity budgeting and prioritization

Agenda

MONDAY, MARCH 4, 2024

9:00 a.m. – 4:00 p.m. Central Time

Introduction to Cyber Threat for Water and Wastewater Utilities

  • The Most Common Cyber Threat Attack Vectors
  • Who Are the Attackers and What Do They Want?
  • The Basics about Advanced Persistent Threat (APT) Teams

Best Practices from Water ISAC, NIST, ISO, and CIS

  • Water ISAC Best Practices
  • Cyber Policy and IT Security Frameworks
  • Social Engineering
  • Being Smart in the Digital World

Lunch Break

Common Exposures of Email, Media, Supply Chain, Etc.

  • Definitions
  • Email Security
  • Social Media and Related Security
  • Supply Chain
  • Process Control
  • Procurement Controls

Ransomware and Other Common Malware Variants

  • Definitions of Malware Variants
  • Ransomware Discussion

Common Adversary Methodologies

  • Cyber “Kill Chain”
  • Adversary Tactics, Techniques and Procedures (TTPs)
  • MITRE ATT&CK framework

Overview of Technical Counter Measures

  • Cybersecurity Hardware
  • Cybersecurity Software
  • Overview of Cloud Architectures
  • Basic Enterprise Architecture

Overview of Defensive Architectures

  • Defense In-Depth
  • Zero Trust
  • Secure Access Service Edge (SASE)

TUESDAY, MARCH 5, 2024

9:00 a.m. – 12:00 p.m. Central Time

Basic Elements of Incident Response (Responding to Cyberattacks)

  • Cyber Incident Management Framework
  • Communications Planning
  • Cyber Incident Walk Through

Cyber Resiliency

  • Emergency Response Plan
  • The Triad of Emergency Response Planning – Business Continuity, Disaster Recovery and Cyber Incident Response
  • Continuity of Operations Plan / Disaster Recovery Plan
  • Crisis Management Teams
  • Manual Overrides and Temporary Manual Operations
  • System Redundancy

Assessing Risk and Making Risk-Based Decisions

  • Cyber Risks are different from Financial, and Operational Risks
  • Using Threat, Cybersecurity Assessments, Audits and Penetration Tests
  • Developing Meaningful Compensating Controls
  • Creating the Realistic Risk Assessment

Establishing the Value Proposition for Cybersecurity

Online Activity

Wrap up and Adjourn

Instructor

Dr. Christopher Carter, Chief Information Officer (CIO), a Maryland Water Utility

Dr. Carter is an experienced IT and Cybersecurity leader with a Doctorate in Information Assurance and has cultivated process expertise across diverse mission disciplines. As Chief Information Officer for a large Maryland Water Utility, he served as the executive responsible for directing and managing the IT Department and leading a large team of staff, consultants, and implementation support specialists for IT and OT Management. He is accountable for ensuring that Water Utility Technology and Services are securely designed and implemented under constrained budgets and in full alignment with senior business leadership’s strategic goals and objectives. He was formerly the Technical Director for Cybersecurity and Cyber-Physical OT Security at Diplomatic Security at the State Department and has held several other Cybersecurity leadership roles in other civil agencies and the Department of Defense (DOD).