Building Cyber Resilience in Water Utilities – Insights from the BAYWORK Panel 

This article contains and answers the following:

Water utilities cybersecurity: Security measures and practices specifically designed to protect water and wastewater utilities from cyber threats.

Defense-in-Depth approach: A multi-layered security strategy that includes various defensive measures to protect against cyber threats.

  • Why is cybersecurity important for water utilities?
  • How can West Yost help water utilities enhance their cybersecurity posture?

In February, West Yost’s Andrew Ohrt joined industry experts at a BAYWORK panel to discuss a critical issue facing water utilities: cybersecurity resilience. The session, Building Cyber Resilience – Aligning IT and OT, brought together national and local leaders to share real-world experiences and strategies for defending essential water infrastructure against ever-evolving cyber threats. 

The Growing Importance of Cybersecurity in Water Utilities 

Water and wastewater utilities are high-value targets for cyber threats, often facing risks from nation-state actors and ransomware attacks. These adversaries seek to infiltrate networks and remain hidden, positioning themselves for potential disruption in the future. The discussion emphasized that cybersecurity is no longer optional—it’s an operational necessity. 

To address these threats, utilities must adopt a Defense-in-Depth approach, ensuring multiple layers of security and response mechanisms. Key strategies discussed included: 

  • Establishing a Cybersecurity Culture – Leadership buy-in, budgeting for cyber resilience, and fostering awareness at all levels. 
  • Threat Detection and Response – Using cybersecurity hygiene scans, network monitoring tools, and incident response plans. 
  • Collaboration with CISA – Taking advantage of free federal cybersecurity services, including vulnerability assessments, incident response support, and intelligence sharing. 
  • IT & OT Alignment – Bridging the gap between information technology (IT) and operational technology (OT) teams to improve security and efficiency. 

BAYWORK: Strengthening Workforce Preparedness 

This critical conversation was hosted by BAYWORK, a collaborative initiative focused on ensuring operational reliability in water and wastewater utilities. Established in 2009, BAYWORK is dedicated to workforce development, training, and research to prepare mission-critical staff for evolving industry challenges—including cybersecurity. 

Interested in learning more? BAYWORK is open to all Bay Area water and wastewater utilities. To explore membership opportunities and resources, visit: https://www.baywork.org/ 

How West Yost Can Help: Strengthening Cyber Resilience 

Cybersecurity is a shared responsibility, and no utility can afford to navigate these challenges alone. West Yost has deep expertise in water sector cybersecurity and is actively working with clients to assess risks, implement best practices, and develop tailored cybersecurity strategies. 

This event also provided valuable visibility for West Yost and aligned well with many our We Statement values, including: 

  • We support our communities – By actively engaging in industry discussions that help safeguard critical water infrastructure. 
  • We solve challenging problems – By sharing our expertise and collaborating with industry leaders to tackle emerging cybersecurity threats. 
  • We see the bigger picture – By helping utilities build long-term resilience through strategic cybersecurity planning. 
  • We are water-focused – By ensuring cybersecurity solutions are tailored specifically to the needs of water and wastewater utilities. 
  • We collaborate – By working closely with agencies, federal partners, and industry groups to advance cybersecurity best practices. 

If your utility is looking to enhance its cybersecurity posture, reach out to West Yost to discuss how we can support your team in securing your operations against emerging threats. 

The Baywork Panel was Facilitated By Andrew Ohrt, Resilience Practice Area Lead, OTCR

Andrew Ohrt, PE, CISSP is a water sector resilience specialist, with a focus on cyber-resilience. In addition to leading West Yost’s Resilience Practice, he also oversees our partnership with Idaho National Laboratory and the American Water Works Association to implement Cyber-informed Engineering (CIE) in the Water Sector. Andrew has led numerous initiatives, including supporting clients’ compliance efforts with the America’s Water Infrastructure Act of 2018. Over his career he has led over 50 risk and resilience assessments and numerous related cybersecurity and emergency preparedness projects. Through West Yost’s partnership with INL and AWWA he has helped shape cross-sector and water-sector guidance since 2019. In 2023, he coauthored a Harvard Business Review article entitled Engineering Cybersecurity into U.S. Critical Infrastructure

About Us

Established in 1990, West Yost is a water resource management, engineering, and consulting firm. We are solely focused on water. Our core areas of expertise include water, wastewater, recycled water, groundwater, and stormwater management. Our services include planning, design, construction management, cybersecurity, and program management. 

Headquartered in Davis, California, West Yost operates from 10 offices and has a team of 245 dedicated professionals. Our staff comprises certified or registered experts in various fields, including chemical, civil, control systems, electrical, environmental, and mechanical engineering, as well as geology, hydrogeology, and wastewater treatment.