Cybersecurity Fundamentals for Water and Wastewater Utilities

Cybersecurity Fundamentals for Water and Wastewater Utilities

March 4-5, 2024 | Online :: Central Time

“I thought that the ‘Cybersecurity Fundamentals for Water and Wastewater Utilities’ course was a great tool for people to learn about how cybersecurity best practices and how to prevent major cyberattacks from happening.” Junior Application Specialist, Automated Control Concepts

The Cybersecurity Fundamentals course for water and wastewater utility professionals will provide a general overview of successful cybersecurity program development. Designed for organizational leaders in the water and wastewater industry, this online course provides practical knowledge of basic security measures that can be implemented to address risks associated with the most common cyberattacks. 

The key take-away from this course is to provide organizational leadership with knowledge needed to be able to ask their team of cybersecurity professionals the right questions when conducting an internal assessment of their organization’s cybersecurity posture and ability to be resilient to cyberattacks. 

Register today to learn about:

  • The most common cyber threats
  • Specific counter measures that can be employed by any organization
  • The role organizational culture plays in impacting risk-mitigating activities against water and wastewater facilities’ critical infrastructure
  • Leaders will also develop an understanding of how people, processes and technology all work together to improve cyber defense efforts

Learning Outcomes

  • Analyze leading trends in next-gen cyber challenges and innovative solutions
  • Describe and compare cybersecurity frameworks and compliance models
  • Discuss social engineering, ransomware, and email/media channel compromise mitigation
  • Discuss identification and protection of high value assets in critical infrastructures
  • Review assessment and risk management approaches and incident management methods
  • Examine supply chain and partner risks and cyber contracting and litigation issues
  • Communicate strategies for effective cybersecurity budgeting and prioritization



Monday, March 4, 2024 : Central Time

8:45 – 9:00 a.m.
Log In and Welcome

12:00 – 12:30 p.m.
Lunch Break

9:00 a.m. – 4:00 p.m.
Course Timing


Introduction to Cyber Threat for Water and Wastewater Utilities

  • The Most Common Cyber Threat Attack Vectors
  • Who Are the Attackers and What Do They Want?
  • The Basics about Advanced Persistent Threat (APT) Teams

Best Practices from Water ISAC, NIST, ISO, and CIS

  • Water ISAC Best Practices
  • Cyber Policy and IT Security Frameworks
  • Social Engineering
  • Being Smart in the Digital World

Lunch Break

Common Exposures of Email, Media, Supply Chain, Etc.

  • Definitions
  • Email Security
  • Social Media and Related Security
  • Supply Chain
  • Process Control
  • Procurement Controls

Ransomware and Other Common Malware Variants

  • Definitions of Malware Variants
  • Ransomware Discussion

Common Adversary Methodologies

  • Cyber “Kill Chain”
  • Adversary Tactics, Techniques and Procedures (TTPs)
  • MITRE ATT&CK framework

Overview of Technical Counter Measures

  • Cybersecurity Hardware
  • Cybersecurity Software
  • Overview of Cloud Architectures
  • Basic Enterprise Architecture

Overview of Defensive Architectures

  • Defense In-Depth
  • Zero Trust
  • Secure Access Service Edge (SASE)


Tuesday, March 5, 2024 : Central Time

8:45 – 9:00 a.m.
Log In

9:00 a.m. – 12:00 p.m.
Course Timing


Basic Elements of Incident Response (Responding to Cyberattacks)

  • Cyber Incident Management Framework
  • Communications Planning
  • Cyber Incident Walk Through

Cyber Resiliency

  • Emergency Response Plan
  • The Triad of Emergency Response Planning – Business Continuity, Disaster Recovery and Cyber Incident Response
  • Continuity of Operations Plan / Disaster Recovery Plan
  • Crisis Management Teams
  • Manual Overrides and Temporary Manual Operations
  • System Redundancy

Assessing Risk and Making Risk-Based Decisions

  • Cyber Risks are different from Financial, and Operational Risks
  • Using Threat, Cybersecurity Assessments, Audits and Penetration Tests
  • Developing Meaningful Compensating Controls
  • Creating the Realistic Risk Assessment

Establishing the Value Proposition for Cybersecurity


Online Activity

Wrap up and Adjourn


Dr. Christopher Carter, Chief Information Officer (CIO), a Maryland Water Utility

Dr. Carter is an experienced IT and Cybersecurity leader with a Doctorate in Information Assurance and has cultivated process expertise across diverse mission disciplines. As Chief Information Officer for a large Maryland Water Utility, he served as the executive responsible for directing and managing the IT Department and leading a large team of staff, consultants, and implementation support specialists for IT and OT Management. He is accountable for ensuring that Water Utility Technology and Services are securely designed and implemented under constrained budgets and in full alignment with senior business leadership’s strategic goals and objectives. He was formerly the Technical Director for Cybersecurity and Cyber-Physical OT Security at Diplomatic Security at the State Department and has held several other Cybersecurity leadership roles in other civil agencies and the Department of Defense (DOD). 

Dr. Carter was formally trained as an architect with a minor in Solar Technologies in Colorado and maintains deep technical expertise across multiple domains, including Federal and State IT security and IT Service Management. He holds several industry certifications including a CISSP, CISM, ITIL Expert, and Project Management Professional. His specialties include architecture and cybersecurity planning, developing integrated security programs and solving IT service transformation challenges for large public organizations. Dr. Carter has taught a variety of IT courses, including the full set of Cisco CCNP courses, ITIL courses, IT security, and database development courses in the Federal Government. 

Christopher’s outside interests are as varied as his education. He is an avid craftsman, with expertise in ceramics and hand-building acoustic guitars. His volunteer and other leadership experience includes Toastmasters Club President, Boy Scouts Assistant Scout Master and wilderness expedition leader, SCUBA rescue diver and instructor, and Certified Professional Building Designer of solar buildings and integrated green energy systems. 

Online Delivery

We will be using Microsoft Teams to facilitate your participation in the upcoming event. You do not need to have an existing Teams account in order to participate in the broadcast – the course will play in your browser and you will have the option of using a microphone to speak with the room and ask questions, or type any questions in via the chat window and our on-site representative will relay your question to the instructor.

  • Microsoft recommends downloading and installing the Teams app if possible. You may also use the Edge browser or Chrome.
  • You will receive a separate email with a unique link to a personalized landing page which will include links to join all sessions of this event.
  • If you are using a microphone, please ensure that it is muted until such time as you need to ask a question.
  • The remote meeting connection will be open approximately 30 minutes before the start of the course. We encourage you to connect as early as possible in case you experience any unforeseen problems.


Please Note: This event is being conducted entirely online. All attendees will connect and attend from their computer, one connection per purchase. For details please see our FAQ

If you are unable to attend at the scheduled date and time, we make recordings available to all attendees for 7 days after the event


Cybersecurity Fundamentals for Water and Wastewater Utilities

March 4-5, 2024 | Online
Individual attendee(s) - $ 1195.00 each

Volume pricing also available

Individual attendee tickets can be mixed with ticket packs for complete flexibility

Pack of 5 attendees - $ 4,780.00 (20% discount)
Pack of 10 attendees - $ 8,365.00 (30% discount)
Pack of 20 attendees - $ 14,340.00 (40% discount)

Your registration may be transferred to a member of your organization up to 24 hours in advance of the event. Cancellations must be received on or before February 02, 2024 in order to be refunded and will be subject to a US $195.00 processing fee per registrant. No refunds will be made after this date. Cancellations received after this date will create a credit of the tuition (less processing fee) good toward any other EUCI event. This credit will be good for six months from the cancellation date. In the event of non-attendance, all registration fees will be forfeited. In case of conference cancellation, EUCIs liability is limited to refund of the event registration fee only. For more information regarding administrative policies, such as complaints and refunds, please contact our offices at 303-770-8800




EUCI is accredited by the International Accreditors for Continuing Education and Training (IACET) and offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard. IACET is recognized internationally as a standard development organization and accrediting body that promotes quality of continuing education and training.

EUCI is authorized by IACET to offer 1.0 CEUs for this event.

Requirements for successful completion of program

Participants must log in each day and be in attendance for the entirety of the course to be eligible for continuing education credit.

Instructional methods

PowerPoint presentations and open discussion

Upon successful completion of this event, program participants interested in receiving CPE credits will receive a certificate of completion.

Course CPE Credits: 11.0
There is no prerequisite for this Course.
Program field of study: Specialized Knowledge
Program Level: Basic
Delivery Method: Group Internet Based
Advanced Preparation: None

CpeEUCI is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: