WaterISAC conducted a webcast on the NIST Cybersecurity Framework on Tuesday, July 22, 2014. WaterISAC's guest was Cheryl Santor, CGEIT, CISM, CISSP, CISA, the Information Security Manager for the Metropolitan Water District of Southern California.

The NIST Cybersecurity Framework is a set of best practices derived from consensus-based IT and industrial control systems security standards. Water and wastewater systems are not legally required to implement the Framework, but the Federal government is urging all critical infrastructure owners and operators to do so voluntarily in order to reduce their risks from possible cyber attacks against their IT and industrial control systems. The goal of the webcast was to help the water sector get started using the Framework by providing attendees a basic understanding of its components and recommendations. The webcast also highlighted various programs, guidance and tools to help the water sector implement the Framework, such as the AWWA Cybersecurity Guidance & Tool.

A recording of the webcast (contained in a downloadable zip file) and the presentation are included below. Also provided is the table provided by DHS and NIST for conducting an assessment. The Metropolitan Water District of Southern California expanded on the table and inserted pertinent information it wanted to gather as a company. It has been using this to gather information for its assessment.