Grants Available for Water & Wastewater Sector

In Fiscal Year 2023, through the Infrastructure Investment and Jobs Act, the Department of Homeland Security (DHS) is providing approximately $375 million to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, and territorial governments.

Posted Date: August 7, 2023

Closing Date for Applications: October 6, 2023

Expected Number of Awards: 56

Estimated Total Program Funding: $374,981,324

Award Floor: $500,000

Award Ceiling: $374,981,324

Each applicant must adopt key Cybersecurity Best Practices as required during the creation of the Cybersecurity Plan and within individual projects. The assessment and evaluation activities are meant to measure the successes and failures of adopted Cybersecurity Best Practices as outlined in the Cybersecurity Plan. In addition, the Cybersecurity Best Practices should consult the Cybersecurity Performance Goals (CPGs) to ensure a strong cybersecurity posture.

The Focus for 2023 Includes:

Understanding current cybersecurity postures and identifying areas for improvement based on continuous testing, evaluation, and structured assessments;

Ensuring organization personnel are appropriately trained in cybersecurity; and

Implementing security protections commensurate with risk.

To Apply:

Eligible applicants must submit their initial application through the portal at GRANTS.GOV

water treatment grants


According to, FEMA will evaluate applications for completeness and applicant eligibility. CISA will evaluate applications for adherence to programmatic guidelines and anticipated effectiveness of the proposed investments. The review will include verification of the following elements:

  • Understanding of current cybersecurity posture and areas for improvement;
  • Implementation of security protections commensurate with risk;
  • Training of organization personnel in cybersecurity;
  • Reduction of the risks the project was designed to address; and
  • Completion of the proposed projects within the 4-year period of performance.
Apply Now

Have Questions? We Have Answers!

What: Webinar on the Cybersecurity Grant

When: Thursday, August 24th, 2023

Red Trident will be putting on a live recording on Thursday, August 24th where we go over your questions regarding this grant program. If you have a question that you’d like answered, submit it here.

Either make a note to check our social media pages on the 24th or enter your email to be notified when the recording gets released.

Be sure to follow Red Trident on LinkedIn.

Water Sector & Cybersecurity


With many cities jumping on the smart city bandwagon, few are stopping to think about the implications of security breaches, especially within the water and wastewater sector.

Ransomware on computers can impact operations due to loss of systems or data, but incidents involving SCADA systems can have much more severe consequences. The City of Oldsmar incident showed how easy it can be for a malicious actor to make modifications, such as adjusting the sodium hydroxide to a level that would be toxic to people. Past events like this show how cybersecurity incidents at water treatment facilities can have the potential to cause serious harm to the public. They can also result in significant damage to plant, major outages, harm to the environment, serious regulatory actions, and major negative publicity.


Common Causes of Cyberattacks

Cybersecurity incidents aren’t always from specialist hackers trying to disrupt society. Reality is, rural systems are much more likely to experience an incident through other causes. The following is the list of likely causes, in priority order:

  1. Mistake made by authorized employee or contractor
  2. Current or former disgruntled employee or contractor seeking revenge
  3. Ransomware attack from organized crime or random individual
  4. Targeted attack from nation state

Basic Cybersecurity Recommendations for Water Sector

Some of the basic actions that can reduce the likelihood of a cybersecurity incident within the water or wastewater sectors includes the following actions

  1. Remove Insecure Remote Access: SCADA servers and HMIs should not be using remote access software such as Team Viewer, LogMeIn, Parallels Access, etc. Authorized users should only be able to access your SCADA resources through secure channels involving multiple layers of protection.
  2. Vulnerability Scanning & Penetration Tests: CISA’s Vulnerability Scanning is a free service that continuously assesses the health of your internet-accessible assets by checking for known vulnerabilities, weak
    configurations—or configuration errors—and suboptimal security practices. Once those findings have been remediated, we then recommend getting a penetration test performed with a purple team focus.
  3. Training & Awareness: Employees and contractors should be aware of the cybersecurity risks that exist, and the actions that they need to take to contribute to the mitigation of these risks. Red Trident offers a Prevention Training that includes general education, skill development, blue team preparedness, incident response preparedness, and other courses to ensure your organization has the right skills.
  4. Secure User Accounts: Tools such as Keeper and 1Password can be beneficial to make sure credentials are unique, strong and haven’t been leaked on the dark web.
  5. Proper Offboarding Processes: Since disgruntled former employees can pose a large risk, it’s vital to make sure you have a well documented offboarding process. It’s important to lay out who is in charge of each step such as collecting devices, removing access, etc.

Water Sector Threat Categories

EPA has grouped cyber-attacks on water utilities into two threat categories. One is cyber-attack on business enterprise systems, which includes computer-based communications, fnancial, data and record keeping, and other related systems. The second is cyberattack on process control systems, which includes electronic monitoring and control systems used for water collection, treatment, storage, and distribution across the utility. Image below is from

water sector cybersecurity

How Red Trident Can Help

Red Trident is very experienced in the water and wastewater treatment sectors. We’re one of the few OT cybersecurity companies that not only provides services like cybersecurity assessments, but we also offer remediation services and can help solve any issues that are outside of your team’s expertise.

We can help you with your application since we're familiar with the grant process

We can work with you on creating a budget that meets the requirements and that also works for your particular business

We can advise and help you identify areas of improvement through various types of assessments

We can be an extension of your team: whether it's helping with remediation, training your team or acting as an advisor when needed

Contact Us

(346) 708-8270

Why Red Trident

We work with you and do our best to be your cybersecurity partner. We listen to your concerns and make sure that we’re aligned with your business priorities. We don’t just come in, sell a service, write a report and walk away. We’re here for you. We explain our findings, answer any questions you might have and work with you to help where needed.

Unlike most ICS cybersecurity companies, we have the expertise to offer remediation services, especially when it comes to critical infrastructure. And if you have your own team, that’s great! We’re happy to take a step back as your team handles the remediation (or parts of it). We can also provide training to your team if they need some assistance. We’re flexible.

Our team consists of leaders in the ICS field with decades of combined experience in the public sector, private sector, and military. We’ve presented at major security conferences such as DEF CON, BlackHat, various ISAC’s, SANS ICS Summits, etc. We also understand how to communicate in a way that is easy to understand so you don’t end up feeling overwhelmed or confused.