New York Implements Cybersecurity Standards and $2.5M Grant to Protect Water Systems
Cyber threats targeting critical infrastructure have expanded beyond traditional sectors like energy and finance, increasingly encompassing water systems. As drinking water and wastewater facilities become more reliant on digital technologies, the cybersecurity of these infrastructures has emerged as a pressing concern for governments globally.
In a significant move to address these vulnerabilities, New York Governor Kathy Hochul recently announced a comprehensive set of cybersecurity regulations alongside a $2.5 million grant program. This initiative aims to bolster the defenses of local drinking water and wastewater systems against cyber attacks. State officials describe this as a holistic approach to water infrastructure cybersecurity, integrating regulatory standards, financial support, and technical assistance to enhance the security of essential services utilized by millions of New Yorkers.
“Cyber attacks on our water infrastructure can disrupt services and threaten public health and safety,” stated Governor Hochul. “My administration is protecting New Yorkers by modernizing regulations and providing resources to adopt these important safeguards. There is nothing more important than keeping New Yorkers safe.”
The Importance of Water Infrastructure Cybersecurity
Historically, water infrastructure has been viewed primarily as a physical utility issue. However, as treatment plants and distribution systems increasingly adopt internet-connected controls and digital monitoring systems, the cybersecurity of water infrastructure has become a frontline concern.
Modern facilities utilize digital systems for monitoring chemical balances, controlling pumps, managing filtration processes, and coordinating distribution networks. While these technologies enhance operational efficiency, they also introduce significant cyber risks. State officials have warned that cyber attacks targeting water infrastructure could disrupt essential services or compromise systems designed to protect public health. With the expansion of digital infrastructure across critical utilities, enhancing water infrastructure cybersecurity is becoming as vital as maintaining the physical components.
New Cybersecurity Standards for Water Utilities
To tackle these challenges, the New York State Department of Environmental Conservation and the New York State Department of Health have collaboratively developed new cybersecurity standards for water utilities statewide. These regulations establish minimum security requirements aimed at strengthening cybersecurity while remaining practical for local operators. Key measures include:
- Mandatory cybersecurity training for certified operators
- Cybersecurity incident reporting requirements
- Risk-based, tiered standards to protect critical operations and sensitive information
- Designation of a cybersecurity lead role at larger drinking water systems
These measures are designed to guide water utilities toward a more structured approach to cybersecurity, ensuring operators possess the necessary knowledge and accountability to address emerging threats.
$2.5 Million SECURE Grant Program to Support Local Utilities
In conjunction with the regulatory framework, the state is introducing financial support to assist communities in implementing cybersecurity improvements. The Strengthening Essential Cybersecurity for Utilities and Resiliency Enhancements (SECURE) grant program, administered by the New York State Environmental Facilities Corporation, will allocate $2.5 million in funding to support cybersecurity initiatives at local water and wastewater facilities.
The program includes:
- Up to $50,000 for cybersecurity assessments
- Up to $100,000 for cybersecurity upgrades
Additionally, the Environmental Facilities Corporation will offer no-cost technical assistance through Community Assistance Teams, helping utilities implement best practices and navigate grant applications. State officials believe that combining regulations with funding will make cybersecurity improvements more feasible for smaller communities with limited resources.
A Coordinated Approach to Critical Infrastructure Security
Officials involved in this initiative emphasize that cybersecurity challenges cannot be addressed by individual agencies in isolation. The state’s strategy relies on coordination across multiple departments and levels of government.
Colin Ahern, New York State Director of Security and Intelligence, underscored the necessity for proactive defense. “In today’s threat environment, the security of our digital infrastructure is just as critical as the physical security of our reservoirs. Under Governor Hochul’s leadership, we are moving beyond reactive defense. By pairing nation-leading standards with the SECURE grant program, we are providing New York’s water sectors with the intelligence-driven framework and the muscle they need to preemptively harden our most vital systems against sophisticated global adversaries.”
Acting Chief Cyber Officer Michaela Lee highlighted the importance of sustained cooperation between state agencies and local operators. “Effective cybersecurity is not a one-time fix; it is a sustained partnership between the State and our local operators. Following the successful implementation of new standards for our financial and healthcare sectors, Governor Hochul is continuing her steady, sector-by-sector plan to fortify New York’s most critical infrastructure. By providing both the regulatory roadmap and the $2.5 million SECURE grant, we are ensuring that water and wastewater utilities have the guidance and resources they need to remain resilient in an increasingly digital world.”
A Broader Push to Secure Water Infrastructure
This initiative reflects a broader investment strategy, as New York State has significantly increased funding for water infrastructure projects in recent years, including $3.8 billion in financial assistance for local projects in State Fiscal Year 2025. State officials argue that modern infrastructure investments must now encompass cybersecurity protections. As water systems continue to digitize, neglecting cyber risks could expose essential services to potential disruptions.
From an infrastructure security perspective, the new regulations and grant program signify a shift in governmental thinking regarding public utilities. Protecting water systems is no longer solely about physical components; it increasingly involves strengthening cybersecurity measures to safeguard essential services in a connected world.
According to publicly available reporting, this initiative marks a pivotal step in addressing the cybersecurity vulnerabilities of water infrastructure in New York.
Follow the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East: Middle East.
