Creating incident response plans that define how utilities plan to respond during cyber incidents is crucial for allowing organizations to better recover from potential cyber attacks.

An effective cyber incident response plan (IRP) will limit damage to an organization’s operations and reduce recovery time and costs. Most importantly, IRPs need to be in place and tested before a cyber incident. In other words, regularly exercising the IRP is crucial.

Besides creating an IRP there are a few tips organizations can implement to strengthen response and recovery efforts:

• Promote awareness and socialization of your IRP throughout your organization
• Evolve your IRP as your organization adopts new technologies
• Test your IRP to determine if there are any flaws in the plan
• Establish a zero-day budget for recovery efforts
• Exercise your IRP regularly

Moreover, this connects to one of WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities, #11 – Plan for Incidents, Emergencies and Disasters. Another great resource for cyber incident response planning for water and wastewater utilities is the EPA Cybersecurity Incident Action Checklist. Read more at HelpNetSecurity.