💧 AWIA §2013 Water Sector Toolkit

Meet AWIA §2013 Emergency Response Plan Exercise Expectations
with AI-Powered Water/Wastewater Tabletop Scenarios

America's Water Infrastructure Act §2013 (SDWA §1433) requires community water systems to certify a Risk & Resilience Assessment and an Emergency Response Plan on a statutory 5-year cycle. CyberICS delivers 300+ ready-to-run OT scenarios — treatment-process manipulation, SCADA loss, contamination response — with AI-generated After Action Reports whose findings feed both the ERP and the next RRA recertification.

SDWA §1433 — 5-Year RRA / ERP Recertification Cycle
Emergency Response Plan Exercised End-to-End
Treatment-Process & SCADA-Loss Scenarios
WARN Mutual-Aid Coordination Built In
Start Free — 14-Day Trial Talk to Our Water Sector Team
Compliance Note: CyberICS's exercise scenarios reference AWIA §2013 (SDWA §1433) as part of a structured training and preparedness program. Exercising your Emergency Response Plan on this platform supports — but does not replace — the statutory Risk & Resilience Assessment and ERP certifications to EPA, which require engagement with your state primacy agency and qualified counsel. Consult your compliance and legal advisors for official determinations.
Applicability

Who Must Comply with AWIA §2013

AWIA §2013 applies to community water systems serving more than 3,300 people, with certification deadlines staggered by population served. The Emergency Response Plan must be exercised, and its findings feed the 5-year Risk & Resilience Assessment.

💧 Community Water Systems

Drinking-water utilities serving more than 3,300 people must certify a Risk & Resilience Assessment and an Emergency Response Plan to EPA, and revise the ERP within 6 months of each RRA — exercise evidence feeds both.

🏭 Wastewater & Treatment Utilities

Treatment and distribution operations reliant on SCADA, dosing control, and lift-station PLCs must exercise safe-state decisions, manual-operations continuity, and public-health notification under the ERP.

🤝 Regional & Mutual-Aid Networks

Utilities participating in state WARN (Water/Wastewater Agency Response Network) mutual-aid arrangements must exercise activation, indicator sharing, and shared-vendor risk when a regional campaign hits several systems at once.

Standards Alignment

AWIA §2013 Duties — How CyberICS Maps to Each

The Emergency Response Plan's exercise, notification, and continuity duties are the ones most directly addressed by tabletop exercises. The 5-year RRA/ERP cycle and the annual ERP practice clock are tracked live.

AWIA §2013 Duty Mapping Reference

Relevance: Direct = exercise explicitly required  |  Supporting = exercise validates controls  |  Scenario = scenario content covers the threat domain

Standard Title Key Requirement Addressed CyberICS Capability Relevance
SDWA §1433(b) Emergency Response Plan Maintain an ERP that incorporates RRA findings; exercise the plan's roles, alternate-supply, and interconnection arrangements. A formal, evaluated ERP activation exercise with named roles; the AAR is the exercise record with plan-deviation findings for certification. Direct
ERP Exercise ERP Exercise (Annual Practice Clock) Exercise the ERP regularly. AWIA fixes no interval; annual exercising is the prevailing EPA/CISA preparedness expectation. Six sequenced water-sector scenarios plus a formal ERP test; live tracking of the 12-month practice clock from completed sessions. Direct
SDWA §1433(a) Risk & Resilience Assessment (5-Year) Recertify the RRA to EPA every 5 years; exercise findings inform the malevolent-act and cyber sections. Readiness trend, recurring-gap memory, and the remediation tracker feed the assessment update on the statutory 5-year clock. Supporting
Public Notification Public Health & State Primacy Coordination Coordinate boil-water/do-not-use advisories and public communication with the state primacy agency and health authorities. Contamination and dosing-attack scenarios exercise advisory criteria, sampling strategy, and coordinated public messaging under pressure. Scenario
Cyber Controls SCADA & Third-Party Access Controls Address cyber controls surfaced in the RRA — SCADA protection, vendor remote access, and baseline integrity. SCADA-loss and vendor-access scenarios exercise manual operations, access revocation, and PLC baseline verification with a thin bench. Scenario
Mutual Aid WARN Mutual-Aid Activation Coordinate mutual aid and indicator sharing during a regional event affecting multiple utilities. The capstone regional-campaign scenario exercises WARN activation, WaterISAC/CISA coordination, and shared-vendor risk management. Scenario
Platform Capabilities

How CyberICS Directly Supports AWIA §2013 Preparedness

Three platform capabilities work together to exercise the Emergency Response Plan and feed the 5-year assessment cycle.

🎲
ERP Exercise Record

Documented Exercise Execution

Live Session mode provides a structured, real-time exercise environment. Participants join by code, respond to scenario steps, and all activity is timestamped — creating an auditable exercise record.

  • Timestamped participant activity log
  • Step-by-step scenario walkthrough record
  • Host control bar with session metadata
  • Exercise duration and completion record
📋
ERP Exercise Record

AI-Generated After Action Report

CyberICS's AI engine generates a structured AAR immediately after each exercise — documenting gaps identified, recommended corrective actions, and framework alignment.

  • Structured gap analysis with severity ratings
  • Framework reference per identified gap
  • Corrective action recommendations
  • Downloadable PDF in minutes, not days
📄
Audit Evidence Package

Compliance Evidence Export

The Compliance Dashboard generates per-framework evidence packages — a multi-page audit PDF covering exercise log, controls mapping, gap analysis, remediation timeline, and formal attestation page.

  • Exercise date, participants, and scenario record
  • Framework controls coverage map
  • Gap-to-remediation timeline
  • Attestation page for compliance files
Scenario Library

Water Sector Scenarios — Ready to Run

Six high-fidelity water and wastewater scenarios are immediately available, sequenced from foundational to advanced. Each exercises ERP procedures across your operations, public-health, and executive teams.

Treatment Process
Dosing Setpoint Manipulation

A remote session raises the sodium hydroxide setpoint far beyond normal. Tests safe reversion, verifying water already in distribution, and the do-not-drink advisory decision with public-health authorities.

ERP Safe-State Public Health
SCADA Loss
Ransomware — Manual Operations

SCADA servers and the historian go offline; pumps run on last setpoints but visibility is gone. Tests manual rounds across remote sites, tank-level management, and the 72-hour manual-operations horizon.

ERP Continuity Manual Ops
Public Notification
Contamination Event & Advisory

Taste/odor complaints cluster in one pressure zone while lab results are hours away. Tests emergency sampling, precautionary advisory tradeoffs, and coordinated state/county/media messaging.

ERP State Primacy Advisory
Formal Exercise
ERP Activation Test (Formal)

A planned, evaluated ERP activation — roles and succession, emergency interconnection, generator/chemical contingencies, and LEPC coordination. Deviations feed the ERP revision and RRA cycle.

ERP Exercise LEPC Governance
Third-Party Access
Vendor Remote Access into Plant Controls

The SCADA integrator's account logs in at 03:00 and browses lift-station PLCs. Tests severing/rotating third-party access, PLC baseline verification, and reworking the access model.

Cyber Controls Vendor Baseline
Mutual Aid
Regional Event + WARN Mutual Aid

Three utilities report the same intrusion pattern — all share your SCADA vendor. Tests WARN activation, indicator sharing, WaterISAC/CISA coordination, and governing-board briefing.

Mutual Aid WaterISAC Regional

Plus 59 additional scenarios across Energy, Oil & Gas, Manufacturing, Healthcare, Maritime, and more. Browse the full library →

Evidence Artifacts

Audit-Ready Documentation — Every Exercise

Every CyberICS exercise automatically generates four categories of evidence that map directly to Emergency Response Plan and RRA documentation.

📋
After Action Report (AAR)

AI-generated structured PDF with gap analysis, corrective actions, and framework references. Ready within minutes of exercise completion.

ERP Exercise Record
📈
Compliance Evidence Package

Multi-page per-framework audit PDF: exercise log, controls mapping, gap analysis, remediation timeline, and signed attestation page.

RRA Cycle Evidence
🕑
Session Activity Transcript

Timestamped record of all participant responses, host actions, and step progression. Demonstrates real exercise activity to auditors.

State Notification Log
🔗
Gap-to-Ticket Tracking

Gaps identified in the exercise are automatically pushed to ServiceNow or Jira as remediation tickets — creating a documented corrective action trail.

Remediation Evidence

Explore the Full Regulatory Toolkit Library

CyberICS exercise evidence maps to multiple frameworks simultaneously. One exercise program — complete regulatory coverage.

Ready to Exercise Your Emergency Response Plan?

Start free with a 14-day trial — no credit card required. Or talk to our water sector team about ERP exercise programs feeding your 5-year RRA cycle.

Also explore: CISA CPG Toolkit  ·  NIST SP 800-82 Toolkit  ·  IEC 62443 Toolkit