State-Level Initiatives to Enhance Cybersecurity

States across the United States are taking proactive measures, including mandatory reporting and cybersecurity assessments, to strengthen the cybersecurity defenses of small-town water utilities and other critical infrastructure.


Congressional Action on Critical Infrastructure Cybersecurity

Congress has passed legislation and allocated funding to bolster cybersecurity efforts, establishing the Cybersecurity and Infrastructure Security Agency (CISA) as a lead agency responsible for securing critical infrastructure against cyber threats.


Collaboration Between States and Congress for a Resilient Future

The collaboration between state governments and Congress is essential in developing a comprehensive and adaptable cybersecurity framework to safeguard essential services and protect communities from evolving cyber threats.

computer, city, hack-2930704.jpg

News > Cyber-Security > CS General
by Kevin Wood

States and Congress Address Cybersecurity Concerns Following Iran’s Small-Town Water Utility Attacks



Country on high-alert

In recent years, the world has witnessed a significant increase in cyberattacks, with state-sponsored entities and malicious actors targeting various critical infrastructure systems, including water utilities. One notable incident that has raised concerns among policymakers and cybersecurity experts is the attack on small-town water utilities in the United States, allegedly orchestrated by Iran. In response to these threats, both state governments and Congress have been actively addressing cybersecurity measures to safeguard critical infrastructure.

The Iranian Threat

The attacks on small-town water utilities brought the issue of cybersecurity vulnerabilities to the forefront. In 2020, the U.S. Department of Homeland Security and the Federal Bureau of Investigation (FBI) issued a joint warning about Iranian hackers targeting critical infrastructure sectors, including water and wastewater treatment facilities. The attackers exploited known vulnerabilities in the utilities’ control systems, highlighting the pressing need for enhanced cybersecurity measures.

State-Level Initiatives

State governments across the United States have been taking proactive steps to strengthen the cybersecurity posture of their critical infrastructure. Many states have introduced legislation and initiatives aimed at protecting essential services like water utilities from cyber threats. These efforts include:

  1. Mandatory Reporting: Several states now require critical infrastructure operators, including water utilities, to report any cybersecurity incidents promptly. This helps in early detection and response to potential threats.
  2. Cybersecurity Assessments: States are conducting cybersecurity assessments and audits of their critical infrastructure facilities to identify vulnerabilities and weaknesses that could be exploited by cybercriminals.
  3. Investing in Training: Many states are investing in training programs for their cybersecurity professionals, ensuring that they have the skills and knowledge to defend against evolving threats.
  4. Information Sharing: States are actively participating in information-sharing initiatives, both within the state and with federal agencies, to exchange threat intelligence and best practices.

Congressional Action

The federal government has also taken steps to address the cybersecurity challenges facing critical infrastructure, including water utilities. In December 2020, Congress passed the “Cybersecurity and Infrastructure Security Agency (CISA) Act,” which established CISA as the lead agency responsible for securing critical infrastructure against cyber threats. Key actions by Congress include:

  1. Funding Allocation: Congress has allocated significant funding for cybersecurity initiatives aimed at protecting critical infrastructure. This includes grants to state and local governments to bolster their cybersecurity capabilities.
  2. Legislation: Multiple bills have been introduced in Congress to enhance cybersecurity standards for critical infrastructure sectors. These bills aim to establish mandatory cybersecurity requirements and regulations.
  3. Public-Private Partnerships: Congress encourages public-private partnerships to improve the sharing of threat information and the development of collaborative cybersecurity solutions.
  4. Federal Oversight: Congress is considering legislation that would grant federal agencies more authority to oversee and enforce cybersecurity standards for critical infrastructure operators.

The Road Ahead

Addressing cybersecurity vulnerabilities in small-town water utilities and other critical infrastructure sectors is an ongoing process. The collaboration between state governments and Congress is crucial in developing a robust cybersecurity framework that can adapt to evolving threats. As cyberattacks on critical infrastructure continue to evolve, a comprehensive approach is necessary to safeguard essential services, ensuring the security and well-being of communities across the United States.


  •  Interested in learning more about what BBG does and how we can help? 
  • Disaster recovery, ransomware mitigation, enterprise web browsing and more, we can help keep your data safe.
  • Email us today at to get the conversation started!