Cybersecurity for utilities
At Xylem, we seek to inspire trust in our solutions, empowering customers to solve the world’s greatest water challenges with innovative products, services and solutions.
Our Security Strategy
Xylem is a technology company with a commitment to innovation, and the cybersecurity of our solutions through continuous improvement. Along with a risk‐based design and implementation approach, our engineering, development, and cybersecurity teams remain diligently focused on the identification and management of cybersecurity risk.
Our strategy includes:
- Secure software development processes guided by industry standard frameworks such as NIST CSF and ISA/IEC 62443-4-1.
- Select datacenters certified to standards including ISO 27001 and SOC 2 Type II.
- Membership in:
- Water Information Sharing and Analysis Center (ISAC)
- Joint Cyber Defense Collaborative (JCDC) for Industrial Control Systems (ICS)
- International Society of Automation Global Cyber Alliance (ISAGCA)
- American Water Works Association (AWWA)
- Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNA)
- Forum of Incident Response and Security Teams (FIRST)
- Partnership with world-renowned cybersecurity service provider Dragos, offering co-branded incident response and prevention services to Xylem’s customers worldwide.
Learn how to manage cybersecurity risks in the utility sector.
Xylem cybersecurity services and partnership
As more system operators adopt increasingly connected and integrated solutions, there is a growing need to ensure cybersecurity protections. Since cybersecurity requires a concerted effort:
-
Cybersecurity assessment services
Take advantage of our cybersecurity assessment services to help keep your systems secure.
-
Follow IT and cybersecurity best practices
You are encouraged to adopt widely accepted IT and cybersecurity best practices to protect your systems and data
-
Submit a water incident report
For more information about reporting an incident involving water resources, visit WaterISAC’s reporting page.
Xylem’s approach to product security
Digital transformations increase the importance of secure solutions
As technology transforms the water sector, making it more efficient, resilient, and cost-effective, having a strategy to address cyber risks in a digitally-connected world is key. To ensure digital transformation and operational resilience go hand-in-hand, governments, water operators, and technology partners must work together to keep critical water and wastewater systems safe.
Strong cybersecurity preserves the value of digital technology
Staying secure in a digital world is essential to safeguarding your success. A robust and agile cybersecurity program can keep water flowing safely and efficiently while minimizing disruption. Developing and maintaining a cybersecurity strategy requires expertise and continuous effort. At Xylem, we partner with our customers, utilities, suppliers, and other businesses worldwide to mitigate cyber risk and ensure their operations are resilient. Our cybersecurity approach helps to build customer trust, so that digital technologies can be used safely and seamlessly.
Our approach
Prioritizes:
- Secure solutions: We ensure our systems are secure by design – minimizing cybersecurity vulnerabilities and building in security features.
- Swift response: We monitor connected units’ performance to rapidly respond to any newly discovered threats to the system.
- Secure operations: We help customers to deliver optimally by staying on top of cybersecurity threats and protections.
Based on two key principles:
- An ongoing journey: Technology – and cyber risk – are always evolving. An effective cybersecurity program is a journey, not a destination, requiring continued vigilance and development.
- A shared process: While digital technologies support all elements of operations, they can also introduce risk. We partner with our customers to help them manage the risk and ease their concerns through shared responsibility.
Report security-related information
If you’ve identified a potential security issue, visit our contact page to report it directly to our cybersecurity team.