WaterISAC Incident Survey (January 1 - June 30, 2016)

Twice each year, WaterISAC asks water and wastewater utilities to complete a survey of incidents, threats and suspicious activity occurring at their facilities in the previous six months. The survey results will inform WaterISAC’s bi-annual Water Sector Threat Analysis Report. Many respondents have completed the survey in the past and WaterISAC appreciates your input.

Your help is needed again to complete the current survey, covering January 1 - June 30, 2016. We ask for full participation, to make the threat report as robust as possible.

You may leave and re-enter the survey to update your response at anytime until the deadline of 11:59 PM on July 29, as long as you use the same computer and have not yet submitted your response.

Questions with an asterisk (*) require an answer.

Question Title

* 1. What will WaterISAC do with your response?

WaterISAC requests your permission to aggregate the numerical information you provide with that of other respondents and to anonymize details of any reported incidents for use in the upcoming Water Sector Threat Analysis and similar products. Numerical information will be presented only as nationwide totals. Details of incidents, if used, would be presented in complete anonymity such as: "In March, one water utility reported its website had been defaced by possible supporters of the Islamic State."

Confidentiality: As with any incident information provided by a utility to WaterISAC, only WaterISAC staff will see your survey responses. WaterISAC's policy is to never share details of a utility's security incidents or related information with any other entity except with the utility's express permission. This policy applies regardless of whether the utility is a member or non-member. What’s more, as a private organization, WaterISAC is not subject to public disclosure laws.

May WaterISAC have your permission to use the information you provide in an aggregated and anonymized format in the upcoming Water Sector Threat Analysis and similar products?

Yes

Question Title

* 2. Your Information

Your Name

Utility Name

Utility Type (drinking water, wastewater, or combined)

City

State

Phone Number

Email Address

Question Title

* 3. PHYSICAL SECURITY INCIDENTS

Please indicate the number of malicious physical security incidents that occurred or were attempted (combining the number of completed incidents with the number of attempted incidents) at or against your utility between January 1 and June 30, 2016.

Please provide details of noteworthy incidents under question 4.

Sabotage/tampering

Contamination of water supplies

Contamination of wastewater

Surveillance

Threat against facility or people (e.g., threat of contamination, bomb threat)

Theft of equipment, supplies, chemicals, or funds

Vandalism, defaced or damaged property

Other physical security incident

Question Title

* 4. Please provide details on any noteworthy physical security incidents (e.g., motive of perpetrator(s), damages caused, response actions taken).

Question Title

* 5. CYBERSECURITY INCIDENTS

Please indicate the number of malicious cybersecurity incidents that occurred (omitting the number of attempted incidents) at or against your utility's information systems between January 1 and June 30, 2016?

Please provide details of noteworthy incidents under question 6.

Intrusion into/attack on your industrial control/SCADA system

Intrusion into/attack on your business/enterprise information system

Other cybersecurity incident

Question Title

* 6. Please provide details on any noteworthy cybersecurity incidents (e.g., motive of perpetrator(s), damages caused, response actions taken).

Question Title

* 7. In your estimation, which three of the following represent the greatest risks to your utility (select three)?

Trespassing/suspicious activity by drones

Intrusion into/attack on business/enterprise information system

Intrusion into/attack on industrial control/SCADA system

Theft of equipment, supplies, or funds

Tampering or destruction of water utility assets

Extreme weather or other natural disaster

Intentional contamination of drinking water

Contagious disease outbreak (e.g., Ebola, Measles, MERS)

Electronic scams intended to defraud victims (e.g., Business Email Compromise [BEC] scams, ransomware)

Intentional contamination of wastewater

Targeting of law enforcement/security personnel

Theft of hazardous chemicals

Question Title

* 8. In your estimation, which of these actors represents the greatest risks to your utility (select one)?

Homegrown violent extremists inspired by foreign terrorist groups

Domestic anti-government extremists

Foreign terrorists

Common criminals (e.g., vandals, thieves)

Insiders (current or former employees or contractors)

Question Title

Question Title

* 2. Your Information

Question Title

Question Title

* 4. Please provide details on any noteworthy physical security incidents (e.g., motive of perpetrator(s), damages caused, response actions taken).

Question Title

Question Title

* 6. Please provide details on any noteworthy cybersecurity incidents (e.g., motive of perpetrator(s), damages caused, response actions taken).

Question Title

* 7. In your estimation, which three of the following represent the greatest risks to your utility (select three)?

Question Title

* 8. In your estimation, which of these actors represents the greatest risks to your utility (select one)?

Question Title

* 9. If you have any questions, comments or suggestions, WaterISAC welcomes them.