Federal agencies are pushing water utilities and transit operators to plan for sudden, prolonged internet outages that could disable the remote monitoring and control systems these services depend on daily. The Cybersecurity and Infrastructure Security Agency, along with the NSA, FBI, and allied signals agencies from Australia, Canada, and New Zealand, has issued joint guidance aimed at hardening the communications links that keep treatment plants, pump stations, and transit networks functioning. The message is blunt: commercial internet service alone is not enough, and operators that fail to build backup communication paths risk losing control of essential systems when connectivity drops.
Why water plants and transit agencies face a connectivity reckoning
Water and wastewater systems rely on communications networks to run supervisory control and data acquisition (SCADA) systems, relay sensor readings from remote pump stations, and adjust chemical dosing in real time. CISA’s own infrastructure dependency primer states that communications systems underpin virtually every societal function, and it singles out water and wastewater operations as sectors where a communications failure translates directly into lost monitoring and control capability. A plant operator who cannot see pressure readings or remotely open a valve is, in practical terms, flying blind.
Transit agencies face a parallel problem. Dispatch systems, automatic vehicle location feeds, signal controls, and fare collection all route through internet-dependent networks. When those links go dark, agencies lose the ability to coordinate service, communicate with riders, and respond to emergencies in real time. The risk is not theoretical. Cyberattacks against municipal systems have knocked services offline in recent years, and physical threats such as fiber cuts or severe weather can produce the same result without a single line of malicious code.
The hypothesis at the center of CISA’s push is straightforward: utilities that map their communications dependencies and install alternate paths before an outage will keep a higher share of core operations running during a total internet loss than peers that depend solely on a commercial ISP. A 72-hour blackout is the stress test. Operators with satellite links, radio backups, or manual override procedures can still treat water and move buses. Those without them cannot.
Joint federal guidance and the nine-resource toolkit
CISA, the NSA, the FBI, and their counterparts at Australia’s ASD ACSC, Canada’s CCCS, and New Zealand’s NCSC-NZ released joint hardening guidance for communications infrastructure that directs network operators to increase visibility into their systems and close gaps that nation-state actors have already exploited. The guidance focuses on detecting unauthorized access, segmenting network traffic, and ensuring that monitoring tools themselves are not dependent on the same links they are supposed to protect. For a water utility running SCADA over a single broadband connection, the directive amounts to a warning: if you cannot see an intruder on your network, you cannot stop one from shutting it down.
Separately, CISA updated its public-safety communications toolkit with nine new resources designed to help agencies assess their cyber resiliency and plan for communications failures. The toolkit is aimed at first responders and public-safety answering points, but its logic applies equally to any operator whose mission depends on network uptime. The resources walk agencies through dependency mapping, continuity planning, and exercises that simulate extended outages.
Together, these actions signal a federal judgment that prolonged communications failures are foreseeable operating conditions, not rare disasters. CISA’s broader CI Fortify effort reinforces the point by advising critical organizations to prepare for cyber-caused outages as part of routine planning rather than as an afterthought. The initiative frames resilience as a core operational requirement, not an optional security upgrade.
Gaps in the federal playbook for utility communications
The federal guidance is clear on the threat but less specific about how small and mid-size utilities should pay for the fixes. Satellite terminals, dedicated radio networks, and redundant fiber paths all cost money that many municipal water systems and transit agencies do not have in their current budgets. CISA’s toolkit offers planning templates and assessment checklists, but it does not come with direct funding or grant programs tied to communications hardening. That leaves operators to compete for existing infrastructure dollars or absorb the cost through rate increases.
There is also no published federal dataset measuring how many water or transit systems have actually completed the dependency mapping CISA recommends. Without a baseline, it is difficult to track whether the guidance is changing behavior or sitting unread on agency servers. CISA’s infrastructure dependency primer establishes the conceptual link between communications loss and operational failure, but the agency has not released case studies quantifying the real-world impact on water quality, service interruptions, or public safety when a utility loses connectivity for an extended period.
The joint hardening guidance was developed in response to nation-state activity targeting communications providers, which means it is tuned for sophisticated adversaries. Smaller utilities facing more common threats, such as ransomware, accidental fiber cuts, or severe storms, may need simpler, cheaper solutions that the current guidance does not fully address. A rural water district with three employees and a single broadband line faces a different problem set than a metropolitan transit authority with a dedicated security team and complex network architecture.
What resilience looks like on the ground
For utilities and transit agencies, putting the guidance into practice starts with inventory. Operators need a clear map of which systems depend on which communications links, from treatment plant control rooms down to remote lift stations and bus depots. That map should identify single points of failure, such as a sole fiber route into a facility or a SCADA server that cannot be reached if one router fails.
From there, agencies can prioritize alternate paths. Some will invest in satellite links for critical sites; others may rely on microwave or licensed radio systems that bypass commercial internet providers. For transit, cellular-based backup for vehicle tracking and voice communications can keep core dispatch functions running even if primary data centers are offline. The key is to ensure that at least one independent channel exists for essential commands and status updates.
Manual fallbacks are equally important. Water utilities can pre-plan procedures for operating in “local control” mode, where on-site staff adjust valves and pumps based on direct readings rather than remote instructions. Transit agencies can prepare paper schedules, pre-scripted radio protocols, and field supervisors trained to manage routes when automated systems fail. These measures will not fully replace digital control, but they can prevent a communications outage from cascading into a complete service collapse.
Testing, training, and the cultural hurdle
Planning documents alone will not keep services running during a prolonged outage. Utilities and transit agencies need to exercise their continuity plans under realistic conditions, including drills where internet connectivity is deliberately cut to simulate a 72-hour blackout. Those tests can reveal unexpected dependencies, such as security cameras that share a network with SCADA systems or backup radios that rely on cloud-based configuration servers.
Training is another weak spot. Many operators have grown accustomed to always-on connectivity and have never worked in a fully offline environment. Regular exercises can rebuild the muscle memory required to run plants and fleets with limited digital support. They also help leadership understand the tradeoffs involved in resilience investments, making it easier to justify the cost of redundant links and hardened infrastructure.
The cultural shift may be the hardest part. Treating prolonged communications failures as routine planning scenarios, rather than once-in-a-century disasters, requires executives and boards to accept that outages will happen and that some revenue must be diverted from visible projects to invisible redundancy. Federal guidance can set expectations, but local leaders ultimately decide whether resilience is a budget line or a talking point.
From warnings to measurable progress
CISA and its partners have laid out a clear warning about the fragility of internet-dependent control systems and offered frameworks for hardening them. The next step is turning that guidance into measurable progress. That could mean voluntary reporting on dependency mapping, standardized outage exercises, or future funding programs that reward concrete resilience upgrades rather than paper plans.
For now, water utilities and transit agencies that act on the available guidance will likely weather the next major communications disruption better than those that do not. The technology to build alternate paths and offline procedures already exists. What remains is the willingness to acknowledge that the internet is not infallible and to design critical services that can survive, and continue operating safely, when the network goes dark for days instead of minutes.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
