b'SECTION II - SECTION II -KEY PRIORITIES AND RECOMMENDATIONS KEY PRIORITIES AND RECOMMENDATIONSmay not receive the appropriate prioritization132. Assign, coordinate and measureContinuity, Reliability and149.Review staffing of the Waterwhen compared with other critical IT needs.progress on identified mitigationAccountability in OperationsQuality Division to include Addressing overall IT prioritization to ensure riskactions. emergency response and and resilience are key components in decision- Single points of failure, lack of situationaloperations for regulatory making and building a dedicated budget and/orawareness and poorly documented processescompliance.fast-track for critical cybersecurity projects wouldResilient Infrastructure and improve WSSC Waters overall cyber and non- Systems and procedures are all key risks for continuity, reliability and accountability in operations.Addressing Evolving Cyber Risk cyber security and resilience. Creating data-informed decision support toolsand Building Cyber Resilience Recommendations Operations are the heart of WSSC Water.and assessing, updating, drafting and organizing They are the organizations primary purpose,appropriate policies and procedures can assist inWSSC Water relies on information technology Enterprise Risk Management andwhich other organizational elements support.overcoming the loss of institutional knowledge Mitigation of Risks, Focus on the ClimateUnderstanding day-to-day operations, monitoringand provide for a more effective early-warning ofand communications systems to meet its mission Emergency the health and status of the system and makingpotential crises. a reliance that is likely to grow as the utility key investments in assets to ensure servicecontinues to improve operations.Ensuring that Understanding and responding to an evolving riskare steps we can take to improve operational142.Establish an enterprise-widethese systems are secure, available, and reliable landscape is critical to ensuring WSSC Watersdespite the constant and evolving threat from operational resilience. Addressing a variety ofefficiency and reliability. common operating picturea variety of malicious actors is critical to overall risks from diverse perspectives internally andthat leverages technology, dataresilience.133.Right-size the budget forand people for a single and externally and then identifying the highest priority appropriate capital improvementscomprehensive view of WSSC150.Prioritize good cybersecurity and greatest return on investment from resilienceto address needs withWater operations in real time. and mitigation investments is also critical. WSSCconsideration for resiliency and143.Implement and resourcepractices and trainings for all Water should be a leader in efforts to combatWSSC Water personnel. risk reduction as well as internalappropriate staff to assist151.Conduct regular cybersecurity and/or reduce the impacts of climate change. capacity for execution. managers in assessing, updating or 134.Evaluate current sewerdrafting key Standard Procedurestabletop and functional exercises 127. Establish a new, charteredfor incident response readiness. committee to oversee andreconstruction program to(SPs) and Internal Operating152.Manage projects, policies, and determine opportunities forProcedures (IOPs). facilitate risk and resilienceimprovement.144.Create a single location and/ procedures to meet CIS 8.0 and efforts across the enterprise. NIST recommendations.128. Prioritize the development of153.Use best-of-breed 135.Increase meter and transmitteror resource for all IOPs, like inventory.the website, for regulations and climate adaptation and mitigation136.Identify a suite of options tostandard procedures.cybersecurity technologies to studies and plans to address theprotect the legacy and current enhance raw water source145.Continue the work of the immediate and emergent needinfrastructure.for action on climate change.resiliency and efforts related toSupply Chain Task Force to154.Ensure IT risk is visible by the Travilah Quarry.systematically address and129. Resolve issues related to WSSCEnterprise Risk Management 137.Develop backup electrical feedsinstitutionalize mitigation policies, Waters climate adaptation andProgram. emission reduction strategies. and generator capacities asprocedures and procurement 130. Conduct regular risk andneeded at facilities. methodologies to avoid critical138.Modernize WSSC Watersupply and inventory shortages resilience assessments that identify, evaluate, rank andproperties supporting operations,that could impact operations. including upgrades to facility146.Implement a more modern and prioritize risk, risk-reduction strategies, hazard mitigation andconditions. robust capability for monitoring 139.Reassess current strategies tosupplies and inventories to climate adaptation strategies.131. Ensure clarity in roles andreduce and eliminate inflow andprovide early warning on supplyresponsibilities among variousinfiltration. challenges and proactively internal stakeholders with140.Revise pipe replacement process. implement mitigation measures. responsibility for risk and 141.Engage regulatory and local147.Re-launch the strategic sourcing risk reduction, includingmunicipalities to clarify streamchemicals initiative. maintenance and restoration148.Consider expansion of modern, enterprise risk management, asset management and energyresponsibility. interoperable radio systems to management, along with theemployees in plants and depots Police & Homeland Security,for coordination and redundancy. Engineering & Construction, and Finance departments.32 WSSC Water 2023 Transition Report WSSC Water 2023 Transition Report 33'