In compliance with White House's recent Executive Order (EO) on cybersecurity, the National Institute of Standards and Technology (part of the Department of Commerce), in consultation with the Department of Homeland Security (DHS), is developing a set of practices that private industry, including public water and wastewater systems, can voluntarily adopt to improve their cybersecurity postures.
The EO requires the government to create a Cybersecurity Framework, which will be a collection of existing consensus-based standards and practices. There are no cybersecurity standards specifically for the water sector, but many utilities follow general IT or ICS standards. A draft Framework is due in October 2013, and the final version is due in February 2014.
Because the federal government lacks the authority to mandate cybersecurity regulations for water or wastewater systems, "compliance" with the Framework will be voluntary.