New York Launches Cybersecurity Standards and $2.5 Million Grant Program for Water Systems

New York State has introduced new cybersecurity regulations and a $2.5 million grant program to strengthen protections for drinking water and wastewater systems. State agencies developed the framework to address rising cyber risks as utilities adopt more digital and connected technologies.

The regulations establish minimum cybersecurity standards for water utilities across the state. Requirements include mandatory operator training, incident reporting protocols, risk-based security controls, and designation of cybersecurity leads for larger systems. Utilities must implement measures based on system size and operational complexity, with full compliance expected by 2027.

The Departments of Environmental Conservation and Health developed the standards, aligning them with federal guidance from the U.S. Environmental Protection Agency and the Cybersecurity and Infrastructure Security Agency. The program also includes centralized resources, training, and advisory support to help utilities meet compliance requirements.

The initiative focuses on protecting critical infrastructure that supports public health and economic stability. Water and wastewater systems serve millions of residents and increasingly rely on digital control systems, making them vulnerable to cyber threats.

The program will help utilities strengthen system resilience, improve incident response, and maintain reliable service delivery across New York.