Page 1 of 1

SME Questionnaire Form - August 11

Publication Target Date: August 11


Submission Deadline: July 25


Article Working Title: Water and Wastewater: Securing the Sector That Cannot Staff a Security Team


Editorial Brief: Water and wastewater is the sector where the gap between what is at stake and what can be resourced is widest. Tens of thousands of systems, many of them small municipal utilities run by a handful of operators, deliver a service where a successful attack is a public-health event — and the documented incidents of remote manipulation of treatment set points have made that concrete rather than theoretical. The article should examine the sector honestly: the structural underfunding, the dependence on a small number of operators who carry the institutional knowledge, the exposure of internet-reachable HMIs and remote-access tooling, and the role of the data-center and industrial demand that is now reshaping water demand in some regions. It should treat the regulatory and support landscape — AWIA risk and resilience assessment obligations, the role of the Water ISAC, AWWA guidance, and the federal support and enforcement debate — without pretending the smallest utilities can execute a large-utility program. The practical core should be what a resource-constrained operator can actually do: the highest-value basics, free and low-cost support, mutual-aid models, and cyber-informed engineering approaches that reduce consequence without a large budget. Those lessons apply to every under-resourced operator of essential services.

About you

First Name

Last Name

Company/Organization

Job Title/Designation (to be used in feature)

Business Email

Short Bio

Upload headshot (JPG/PNG up to 5MB; Square 500×500px, 300 DPI recommended)

Question Set

What does the staffing and budget reality at small water or wastewater utilities typically look like, and how does that shape what their security programs can realistically accomplish?

What are the highest-value actions small water or wastewater utilities can take this year without additional headcount or significant capital investment?

How exposed are HMIs, remote access pathways, and treatment set points across small utilities today, and how reliable are current visibility and risk assessments?

How do requirements under the America’s Water Infrastructure Act (AWIA), along with guidance from WaterISAC and American Water Works Association (AWWA), translate into operational changes at utilities rather than remaining compliance documentation?

Which forms of support—federal, state, mutual-aid, or vendor-led—have delivered meaningful security improvements for small utilities, and where do the largest support gaps remain?

What does the broader water-sector cybersecurity conversation most often misunderstand about what small utilities can realistically achieve?

Thank you for your response!