Commissioner's Column: 'Cybersecurity in a Box' available for water systems

Written By Alyssa Rosenzweig

On December 2, I was pleased to attend a Town of Seabrook selectmen’s meeting to thank the Town for being one of the first communities to participate in the Overwatch Cybersecurity In a Box program. Curtis Slayton, Seabrook Water Superintendent, spoke on behalf of the Town’s Water Department regarding their experience with the project. Alyssa Rosenzweig, Overwatch Deputy Director, spoke about the grant program and the role of Overwatch in implementing the program in the Town’s drinking water and wastewater departments. I stressed the importance of securing water and wastewater systems, and I was speaking not only as the Commissioner of NHDES, but also as the Governor’s Advisor for Utility Critical Infrastructure Cybersecurity. You can watch a video of the presentation before the Seabrook Board of Selectmen online.  

In today’s online world, none of us are immune from the risks of cyberattacks. Every day, it seems like there is another story of one of our cities or towns being impacted by cyber-criminals. Nation-states manipulate weak security systems to disrupt our activities or hold captive critical information. Because of this, NHDES has been promoting an increase in cybersecurity awareness and the evaluation and reduction of vulnerabilities in drinking water and wastewater systems statewide. In these efforts, we saw a need to provide these systems with more direct assistance from cybersecurity experts to implement needed improvements. NHDES set out to develop a pilot program to do just that. 

In the fall of 2023, the New Hampshire Department of Information Technology (NH DoIT), in partnership with NHDES, issued a Cybersecurity Pilot Project request for proposals seeking an organization to provide comprehensive cybersecurity services. These services were to include assessments and the implementation of recommendations to improve the cybersecurity of large community water systems and wastewater systems. The pilot program includes: 

  • Creating project plans to improve the cybersecurity of systems based on their assessment results. 

  • Providing professional services to the systems to complete the project plan to improve system cybersecurity. 

  • Working with system SCADA integrators and information technology providers to provide, install and configure equipment required by the project plan. 

  • Providing any necessary training to system personnel.  

The Overwatch Foundation, a New Hampshire-based nonprofit group, was selected to create turnkey programs for community drinking water and wastewater systems called “Cybersecurity In a Box. The “Cybersecurity In a Box” program focuses on closing the most critical cybersecurity vulnerabilities identified and providing a uniform baseline of security upgrades that includes replacing hardware and software, redesigning networks and improving overall cybersecurity protections. This cybersecurity mitigation solution builds a system that can be deployed efficiently and renewed affordably on a defined cycle. Most importantly, it provides the training and support for water system staff, and the technology professionals that support them, to learn the tools, techniques and procedures of properly supporting water cybersecurity for decades to come. Selected systems receive appropriate hardware, software, training and technical support for a three-year period, after which they are expected to have in place the expertise (either in-house or contracted) and financial support to sustain required processes, protections and system upgrades. 

The program is free to the water systems and uses $4.2 million in American Rescue Plan Act (ARPA) and State Revolving Fund (SRF) set-aside funding. Readiness assessments have been completed for five pilot water systems in the towns of Seabrook, Wilton, Goffstown, Woodsville and Antrim/Bennington.  

I want to urge all municipalities that haven’t already taken steps to learn more about what they should be doing to protect their systems from cyber threats to join NHDES on Wednesday March 5, 2025, for an in-person “Water Sector NH Cyber Response Plan Workshop.” NHDES is hosting this event along with NH DoIT, the Federal Cybersecurity and Infrastructure Security Agency (CISA), and Primex. The workshop will offer information regarding the Overwatch Foundation and the services it offers; real-life case studies; information technology; operational technology; drinking water and wastewater cross training; cyber response plans; information on how hackers hack; as well as a panel discussion on partnerships. Registration information will be coming soon. Contact Brenda Leonard at [email protected] with questions. 

Cyberthreats to New Hampshire’s drinking water and wastewater utilities are real. Water sector organizations across the country are trying to tackle this constantly changing and complex topic. NHDES looks forward to continuing our work with Overwatch to assist as many drinking water and wastewater utilities in the state as possible. To learn more about how the Overwatch Foundation could assist your city or town, visit the Overwatch website.  

Alyssa Rosenzweig
Previous

Robert Scott: 'Cybersecurity in a Box' to defend our critical water systems
Next

How One State Defends Its Drinking Water from Cyber Attacks