The Indiana Department of Environmental Management (IDEM) has partnered with the Indiana Office of Technology (IOT) to improve water and wastewater cybersecurity across the state. This collaboration comes in response to recent cyber attacks targeting a drinking water utility in New Castle and wastewater utility in Tipton. The agencies assisted in the development of Indiana Senate Bill 459 (SB459), passed in July, mandating cybersecurity vulnerability assessments and other cybersecurity measures for certain water and wastewater facilities.
SB459 establishes a process for incident reporting, with various notification timelines depending on the type of breach or impact to systems. When a cyber incident occurs, facilities must first notify IOT, as well as IDEM in the case of public health impact. These departments then coordinate with other state agencies for on-the-ground response. SB459 also requires certain systems to designate primary cybersecurity contacts.
IDEM has made available on its website a Risk Assessment Guidance, Risk Assessment Tools, and fact sheets on Cyber Smart Guidance and Top Cyber Actions for Securing Water Systems. The Risk Assessment Guidance outlines which entities are required to complete vulnerability assessments, what those entail, and the compliance timeline for SB459.
Moving forward, IDEM is seeking to enhance education and outreach efforts on cybersecurity initiatives by developing informational videos and graphics.
