Indiana Expands Cyber Analysis to Include Water Facilities

The Indiana Office of Technology and the Indiana Department of Environmental Management (IDEM) are expanding their partnership with Purdue University and Indiana University (IU) to safeguard an essential utility for state residents: water.

The agencies and universities are broadening the scope of their Cybertrack program, adding utilities that manage water and wastewater services to help address vulnerabilities in these local government systems.

Through the partnership, cybersecurity experts and students from Purdue’s cyberTAP and IU’s Center for Applied Cybersecurity Research will evaluate the digital defenses of water and wastewater facilities. After conducting assessments, the team will provide a detailed road map for improving security, personalized to each facility’s needs. With the expansion, the program is now open to other non-local government agencies in the state.

“Our partnership over the past two years with Purdue University and Indiana University has been incredibly beneficial to the nearly 100 local governments that have taken part in the cybersecurity assessments,” Tracy Barnes, Indiana state chief information officer, said in a news release. “Water facilities are frequently being targeted, and it’s important that we provide them with clear direction on how to improve their cybersecurity.”

The initiative addresses a pressing issue highlighted by federal agencies: smaller utilities often lack the resources to develop and maintain comprehensive cybersecurity measures. With attacks on water and wastewater systems increasing, the consequences of a successful breach could disrupt clean water access for entire communities, posing financial and public health risks.

IDEM Commissioner Brian Rockensuess emphasized the importance of safeguarding public utility systems in a statement, calling on all water utilities to participate in the program.

“We strongly encourage Indiana drinking water and wastewater utilities to take advantage of this opportunity. Safeguarding the integrity of public utility infrastructure is vital to ensuring safe, clean water for Hoosiers,” he said.

The Cybertrack program was originally launched in 2022. It was designed to support local governments by originating a cybersecurity assessment methodology for them that incorporated frameworks like those from the Center for Internet Security and the National Institute of Standards and Technology. To date, nearly 100 assessments have been done on behalf of locals; plans are to complete at least 342 through 2026.