What is an ISAC?

Information Sharing and Analysis Centers (ISACs) are confidential venues for sharing security vulnerabilities and solutions within an industry. Presidential Decision Directive (PDD) 63 and Executive Order (EO) 13231 designated the water sector (and other industry sectors) as critical to the nation’s wellbeing and called for the establishment of ISACs to promote the flow of security information. Additionally, Homeland Security Presidential Directive (HSPD-7) encouraged the creation of private sector information sharing and analysis mechanisms, such as the WaterISAC, to protect drinking water and wastewater infrastructure from attack.

What does WaterISAC do?

The WaterISAC is an Internet-based, rapid notification system and information resource about threats to America’s drinking water and wastewater systems. It is the only centralized, up-to-the-minute resource of its kind serving the water sector. The WaterISAC functions as a highly secure, subscription service that gathers and quickly disseminates alerts, expert analysis and other information specific to the water community.

What are the key benefits of subscribing to WaterISAC?

    The WaterISAC’s unique position as the central clearinghouse for threats to the water sector provides utilities with unparalleled added security and therefore serves as a key component of due diligence for any drinking or wastewater system. It is the one common link in the flow of information about water security to and from utilities and federal homeland, intelligence, law enforcement, public health and environmental agencies.

    Subscribing to the WaterISAC may reduce a utility's liability for damages in the event of an attack and, at a minimum, provides excellent arguments for controlling insurance costs.

    All government alerts about potential or real threats to the nation’s water sector are quickly disseminated to WaterISAC subscribers around the clock. Utilities no longer have to worry about experiencing a threat or an actual incident that could have been avoided by more immediate notification.

    Above and beyond gathering and distributing secure, time-sensitive information, WaterISAC also provides immediate expert analysis of threats to the nation’s water systems and identifies trends. Raw information about security threats distributed by law enforcement and government agencies often fail to provide comprehensive detail about how a threat may impact a drinking water or wastewater system. The WaterISAC's analysts are intelligence gathering experts. They rapidly produce valuable assessments of how a threat may specifically impact the water community, identify trends and suggest mitigating actions.

    The WaterISAC library (with a robust search capability) offers subscribers a superlative compilation of data about vulnerabilities, emergency response, training opportunities, security solutions, research and government policy. Subscribers can rapidly study chemicals and potential contaminants, review past and current threat information, utilize vulnerability assessment tools and explore security solutions.

Who runs WaterISAC?

The WaterISAC is governed by a Board of Managers comprised of water utility leaders who are appointed by eight major U.S. drinking water and wastewater organizations.

How long has WaterISAC existed?

It went online at www.watersc.org in December 2002.

How is WaterISAC funded?

With Congressional support, the U.S. Environmental Protection Agency (EPA) provides the WaterISAC with an annual grant. This is augmented by subscription fees paid by drinking water and wastewater systems.

Who subscribes to WaterISAC?

More than 1,000 individuals, including CEO's and General Managers with security-related job responsibilities, at hundreds of drinking water and wastewater systems – large and small nationwide.

What are the technical requirements for obtaining electronic access to WaterISAC’s secure portal system?

  • 133 MHz or higher CPU
  • Windows 2000 or Windows XP operating system
  • Minimum 64 MB of RAM (128 MB of RAM preferred)
  • Minimum 2 GB hard disk (4 GB preferred) with 650 MB of free space
  • An available USP or PCMCIA port
  • Internet Explorer 6.x or higher (preferred), or Netscape version 7.x or higher
  • Floppy disk drive to load card reader drivers (for USB only)
  • Adobe Acrobat Reader 5 or higher

How much does it cost to become a subscriber?

Service* Population Annual Fees for Primary User Annual Additional Fees per User
Over 100,000 $1,000 $500
50,000-100,000 $500 $250
Less than 50,000 $200 $100

*Fees for joint wastewater and drinking water utilities are based on the greater of the two service populations. Utilities owning multiple systems subscribe based on population served per state.

Why is there any subscription fee at all for WaterISAC?

Although WaterISAC is a nonprofit organization, subscription fees help to offset costs not covered by funding provided by the EPA grant. Those costs include: hosting the secure portal; employing administrative staff and specialists; maintaining and constantly enhancing a vast library of water-related information and disseminating alerts.

How does my utility become a subscriber?

All U.S. drinking and wastewater systems may subscribe to the WaterISAC. Water system managers and security officers can speak with a WaterISAC customer service agent by calling (toll-free) 1-866-H2OISAC (1-866-426-4722) or download an application online.

After application, how long does it take for activation?

New users are equipped and activated within 2-3 weeks after WaterISAC receives their completed application.

How will any data or incident reports submitted to the WaterISAC by my utility be shared or used?

Information submitted by a utility will not be shared with any other subscribers or intelligence gathering agencies without prior permission.

How secure is WaterISAC portal and facility?

The portal is VERY secure from any unauthorized access. The online operation is hosted in a government designated “top secret” security clearance facility. Additionally, the system is protected through state-of-the-art, cyber security techniques. That also includes constant monitoring for unauthorized attempts to use or alter the system.




1620 I Street, NW, Suite 500

Washington, DC 20006