Over the past few decades, our water supplier Supervisory Control and Data Acquisition (SCADA) systems have become more network connected, which often includes connections to the internet and other untrusted computer networks. This often helps them to perform better allowing better and more efficient and cost effective monitoring and control capability for water processes. However, this also increasingly exposes these critical systems to cybersecurity threats that can disrupt operations, compromise water quality, damage water system assets, create regulatory and public-confidence risks, or other impacts.
This course, designed specifically for rural and small water suppliers, provides a practical, operations-focused introduction to SCADA and OT (operational technology) cybersecurity tailored to drinking water and wastewater utilities. Participants will gain an understanding of the most relevant cyber threats facing water systems today, including publicly known incidents, currently cyber adversaries to US critical infrastructure, ransomware, remote access misuse, vendor-related risks, insecure configurations, and common weaknesses in control system environments. Real-world examples and water-sector-specific scenarios are used to illustrate how cyber incidents occur and how they can affect treatment, distribution, and compliance.
In addition to understanding threats, the course emphasizes recommended and achievable mitigations that are appropriate for rural utilities. Rather than focusing on abstract technical concepts, the course concentrates on practical controls that can be implemented in typical water SCADA environments, such as secure remote access, network segmentation, backup and recovery practices, asset awareness, vendor management, and basic monitoring strategies. These mitigations are aligned with widely accepted industry guidance and are presented in a way that supports incremental improvement rather than one-time compliance exercises.
A key component of the course is preparing participants to for meeting regulatory expectations and assessments related to cybersecurity. The course explains how cybersecurity fits into broader risk management obligations and helps participants understand how to respond to assessment questions. Special attention is given to preparing for state-level oversight, including how to be ready for a cybersecurity-related sanitary survey conducted by Massachusetts Department of Environmental Protection (MassDEP). Participants will learn what regulators are typically looking for, how to demonstrate reasonable practices, and how to document cybersecurity activities in a way that aligns with operational realities.
By the end of the course, participants will have a stronger understanding of their SCADA cybersecurity risk, a practical set of actions they can take to improve security, and increased confidence in discussing cybersecurity with regulators, management, and external partners. This course is intended to support sustainable, realistic cybersecurity practices that enhance resilience while recognizing the constraints faced by rural water systems.
Class will be held In-Person. To allow for adequate training time for each participant, we will be watching registrations closely and begin a Wait List, if needed. Registration is on a first come first served basis.
To sign up for this class, REGISTER ONLINE, or contact Jason Blais
Date: January 27, 2026 (#2026-01)
Locations:
Townsend Water Treatment Plant
25 Harbor Trace Rd
Townsend, MA 01469
County: Middlesex
Time:
Attendance: 7:45AM – 8:00AM
Class: 8:00AM – 12:30AM (includes breaks)
Morning Refreshments will be provided!
Class Fee (per registrant):
MassRWA Members: FREE
Non-Members: FREE
Agency Approval:
4.0 TCH’s for MA Water & Wastewater operators
Instructor:
Gus Serino, PE, President, I&C Secure, Inc.
Mr. Serino brings over 25 years of experience in control systems engineering and ICS/OT cybersecurity. Specializing in water and wastewater, Gus and his team are focused on delivering secure, resilient, SCADA and automation solutions for critical infrastructure. I&C Secure brings significant experience in SCADA engineering design, start-up & commissioning, technical implementation, maintenance/troubleshooting, program management, and cybersecurity of industrial control systems. Gus is recognized as a subject matter expert in the field of industrial cybersecurity, with media appearances on Anderson Cooper 360 and features in CNN and Wired. Drawing on prior roles at CDM Smith, MWRA, and Dragos, Gus guides utilities toward building sustainable OT cybersecurity programs that protect essential services. Gus combines his skills and experience to provide innovative solutions to solving complex problems for resourced constrained clients. He supports the OT cybersecurity community at large by serving as an SME to Dragos OT-CERT, and WaterISAC.
REGISTER ONLINE NOW
Cancellation Policy:
Individuals registered for one of our training classes, seminars, and/or conferences will be charged the class fee if we have not received notice of cancellation at least 48 hours prior to the beginning of class. Anyone contacting MassRWA to cancel enrollment in a training session will receive a cancellation number. In the event of an emergency, which would prevent attendance, please contact MassRWA as soon as possible with the details.
Consent to Use Photographic Images, Videos, & Recordings:
Registration and attendance at, or participation in, MassRWA’s meetings, trainings, and other seminars constitutes an agreement byu the attendee to MassRWA’s use and distrbution (both now and in the future) of the attendee’s image or voice in photographs, videos/videotapes, electronic reproductions, and audi files.tapes of such events and activities. This include permission to record sessions and streaming events.