America's Water Infrastructure Act §2013 (SDWA §1433) requires community water systems to certify a Risk & Resilience Assessment and an Emergency Response Plan on a statutory 5-year cycle. CyberICS delivers 300+ ready-to-run OT scenarios — treatment-process manipulation, SCADA loss, contamination response — with AI-generated After Action Reports whose findings feed both the ERP and the next RRA recertification.
AWIA §2013 applies to community water systems serving more than 3,300 people, with certification deadlines staggered by population served. The Emergency Response Plan must be exercised, and its findings feed the 5-year Risk & Resilience Assessment.
Drinking-water utilities serving more than 3,300 people must certify a Risk & Resilience Assessment and an Emergency Response Plan to EPA, and revise the ERP within 6 months of each RRA — exercise evidence feeds both.
Treatment and distribution operations reliant on SCADA, dosing control, and lift-station PLCs must exercise safe-state decisions, manual-operations continuity, and public-health notification under the ERP.
Utilities participating in state WARN (Water/Wastewater Agency Response Network) mutual-aid arrangements must exercise activation, indicator sharing, and shared-vendor risk when a regional campaign hits several systems at once.
The Emergency Response Plan's exercise, notification, and continuity duties are the ones most directly addressed by tabletop exercises. The 5-year RRA/ERP cycle and the annual ERP practice clock are tracked live.
| Standard | Title | Key Requirement Addressed | CyberICS Capability | Relevance |
|---|---|---|---|---|
| SDWA §1433(b) | Emergency Response Plan | Maintain an ERP that incorporates RRA findings; exercise the plan's roles, alternate-supply, and interconnection arrangements. | A formal, evaluated ERP activation exercise with named roles; the AAR is the exercise record with plan-deviation findings for certification. | Direct |
| ERP Exercise | ERP Exercise (Annual Practice Clock) | Exercise the ERP regularly. AWIA fixes no interval; annual exercising is the prevailing EPA/CISA preparedness expectation. | Six sequenced water-sector scenarios plus a formal ERP test; live tracking of the 12-month practice clock from completed sessions. | Direct |
| SDWA §1433(a) | Risk & Resilience Assessment (5-Year) | Recertify the RRA to EPA every 5 years; exercise findings inform the malevolent-act and cyber sections. | Readiness trend, recurring-gap memory, and the remediation tracker feed the assessment update on the statutory 5-year clock. | Supporting |
| Public Notification | Public Health & State Primacy Coordination | Coordinate boil-water/do-not-use advisories and public communication with the state primacy agency and health authorities. | Contamination and dosing-attack scenarios exercise advisory criteria, sampling strategy, and coordinated public messaging under pressure. | Scenario |
| Cyber Controls | SCADA & Third-Party Access Controls | Address cyber controls surfaced in the RRA — SCADA protection, vendor remote access, and baseline integrity. | SCADA-loss and vendor-access scenarios exercise manual operations, access revocation, and PLC baseline verification with a thin bench. | Scenario |
| Mutual Aid | WARN Mutual-Aid Activation | Coordinate mutual aid and indicator sharing during a regional event affecting multiple utilities. | The capstone regional-campaign scenario exercises WARN activation, WaterISAC/CISA coordination, and shared-vendor risk management. | Scenario |
Three platform capabilities work together to exercise the Emergency Response Plan and feed the 5-year assessment cycle.
Live Session mode provides a structured, real-time exercise environment. Participants join by code, respond to scenario steps, and all activity is timestamped — creating an auditable exercise record.
CyberICS's AI engine generates a structured AAR immediately after each exercise — documenting gaps identified, recommended corrective actions, and framework alignment.
The Compliance Dashboard generates per-framework evidence packages — a multi-page audit PDF covering exercise log, controls mapping, gap analysis, remediation timeline, and formal attestation page.
Six high-fidelity water and wastewater scenarios are immediately available, sequenced from foundational to advanced. Each exercises ERP procedures across your operations, public-health, and executive teams.
A remote session raises the sodium hydroxide setpoint far beyond normal. Tests safe reversion, verifying water already in distribution, and the do-not-drink advisory decision with public-health authorities.
SCADA servers and the historian go offline; pumps run on last setpoints but visibility is gone. Tests manual rounds across remote sites, tank-level management, and the 72-hour manual-operations horizon.
Taste/odor complaints cluster in one pressure zone while lab results are hours away. Tests emergency sampling, precautionary advisory tradeoffs, and coordinated state/county/media messaging.
A planned, evaluated ERP activation — roles and succession, emergency interconnection, generator/chemical contingencies, and LEPC coordination. Deviations feed the ERP revision and RRA cycle.
The SCADA integrator's account logs in at 03:00 and browses lift-station PLCs. Tests severing/rotating third-party access, PLC baseline verification, and reworking the access model.
Three utilities report the same intrusion pattern — all share your SCADA vendor. Tests WARN activation, indicator sharing, WaterISAC/CISA coordination, and governing-board briefing.
Plus 59 additional scenarios across Energy, Oil & Gas, Manufacturing, Healthcare, Maritime, and more. Browse the full library →
Every CyberICS exercise automatically generates four categories of evidence that map directly to Emergency Response Plan and RRA documentation.
AI-generated structured PDF with gap analysis, corrective actions, and framework references. Ready within minutes of exercise completion.
Multi-page per-framework audit PDF: exercise log, controls mapping, gap analysis, remediation timeline, and signed attestation page.
Timestamped record of all participant responses, host actions, and step progression. Demonstrates real exercise activity to auditors.
Gaps identified in the exercise are automatically pushed to ServiceNow or Jira as remediation tickets — creating a documented corrective action trail.
CyberICS exercise evidence maps to multiple frameworks simultaneously. One exercise program — complete regulatory coverage.
Start free with a 14-day trial — no credit card required. Or talk to our water sector team about ERP exercise programs feeding your 5-year RRA cycle.
Also explore: CISA CPG Toolkit · NIST SP 800-82 Toolkit · IEC 62443 Toolkit