Abstract
This paper identifies, characterizes, maps, and prioritizes cyber-vulnerabilities in the industrial control systems which are used throughout the Water Sector (includes both drinking water and wastewater treatment facilities). This report discusses both technical vulnerabilities and business/operational challenges, with concentration on the technical issues. The priority order is based upon the research team’s review of the “Road Map to Secure Control Systems in the Water Sector,” DHS Control Systems Security Program documents, a CSET-CS2SAT evaluation, and from comments by the project advisory board and individual discussion with water sector personnel.