{"id":194983,"date":"2026-03-11T19:21:00","date_gmt":"2026-03-11T23:21:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/11\/new-york-unveils-new-cyber-regulations-for-water-treatment-facilities\/"},"modified":"2026-03-11T19:25:09","modified_gmt":"2026-03-11T23:25:09","slug":"new-york-unveils-new-cyber-regulations-for-water-treatment-facilities","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/11\/new-york-unveils-new-cyber-regulations-for-water-treatment-facilities\/","title":{"rendered":"New York unveils new cyber regulations for water treatment facilities"},"content":{"rendered":"<p><a href=\"https:\/\/statescoop.com\/water-wastewater-new-york-cybersecurity-regulations\/\">New York unveils new cyber regulations for water treatment facilities<\/a><\/p>\n<p><a href=\"https:\/\/statescoop.com\/water-wastewater-new-york-cybersecurity-regulations\/\">https:\/\/statescoop.com\/water-wastewater-new-york-cybersecurity-regulations\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-11 19:21:00<\/a><\/p>\n<p>Source Domain: <a href=\"statescoop.com\">statescoop.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>After announcing last summer that New York\u2019s drinking water and wastewater facilities would be held to a more stringent set of cybersecurity standards, Gov. Kathy Hochul on Wednesday unveiled the completed regulations, along with a $2.5 million grant program designed to aid facilities in conducting risk assessments and implementing upgrades.<\/p>\n<p>In a press release, Hochul\u2019s office called the new standards \u201cfirst-in-nation,\u201d a \u201ccomprehensive, unified approach\u201d to protecting a sensitive public-sector target. Colin Ahern, the state\u2019s former cyber director, who recently became New York\u2019s first director of security and intelligence, said the new rules move the state \u201cbeyond reactive defense.\u201d The new regulations are expansive: Treatment facilities are required to meet new reporting requirements after cybersecurity incidents, to establish written procedures for managing vulnerabilities and to protect all operational technology \u201cby separating it completely from information technology\u201d and \u201cexternal networks such as the internet.\u201d<\/p>\n<p>Facilities must implement common cybersecurity controls, such as limiting users\u2019 access to only systems they need, prohibiting the use of default credentials and requiring complex passwords and multifactor authentication. Larger treatment plants, those processing at least 10 million gallons of water per day, are required to begin monitoring and logging network activity. And treatment plant operators will be required to complete cybersecurity training, every five years, to renew their certifications (though the regulations offer assurance that their total training hours will not increase).<\/p>\n<p>A new $2.5 million grant program, called the Strengthening Essential Cybersecurity for Utilities and Resiliency Enhancements (SECURE) grant program, will provide grants of $50,000 for cybersecurity assessments and $100,000 for implementing cybersecurity upgrades. The Environmental Facilities Corporation, New York\u2019s water infrastructure bank, will administer the grants and lend the free aid of its \u201ccommunity assistance teams,\u201d to advise on cybersecurity best practices.<\/p>\n<p>The new regulations are timely, given the fresh military conflict in the Middle East. Critical infrastructure facilities, such as water treatment plants, are natural cybersecurity targets for hostile foreign nations. Shortly after the U.S. and Israel began striking Iran last month, the nonprofit Center for Internet Security warned its state and local government members that although Iran was occupied by the exigencies of physical warfare, there were signs of hacktivist groups organizing and that the United States should soon expect to see a wave of \u201clow-level cyber activity.\u201d<\/p>\n<p>And a group of 10 information sharing groups, including the Water Information Sharing and Analysis Center, on Wednesday issued a joint advisory warning of a \u201chighly volatile\u201d threat environment that includes the possibility of \u201cincreased cyberattacks from Iranian state-sponsored actors, hacktivists, and cybercriminal groups aligned with Iran.\u201d The information-sharing groups named numerous threat actors \u2014 Charming Kitten, Cyber Av3ngers, etc. \u2014 to watch for, and advised organizations to \u201cadopt a thoughtful, comprehensive cybersecurity strategy that enables them to allocate limited resources most effectively,\u201d and to \u201cprepare for the likelihood of increased activity by Iranian-aligned actors.\u201d<\/p>\n<p>\t\t\tWritten by Colin Wood<br \/>\n\t\t\tColin Wood is StateScoop&#8217;s editor in chief. Contact him at colin.wood@statescoop.com or cwood.64 on Signal.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New York unveils new cyber regulations for water treatment facilities https:\/\/statescoop.com\/water-wastewater-new-york-cybersecurity-regulations\/ Publish Date: 2026-03-11 19:21:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":194984,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2026\/03\/GettyImages-1390328461.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-194983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/194983"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=194983"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/194983\/revisions"}],"predecessor-version":[{"id":194985,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/194983\/revisions\/194985"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/194984"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=194983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=194983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=194983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}