Cyber Resilience for Water Utilities: Insights from the Alabama Water OT/IT Cyber Summit

How DYNICS Is Empowering Utilities to Move from Reactive to Proactive Cybersecurity 

On September 4, 2025 the inaugural Alabama Water Cybersecurity Summit, hosted by the McCrary Institute for Cyber and Critical Infrastructure Security, convened a broad coalition of water utility operators, municipal leaders, academic experts and industry-partners in Huntsville, Alabama. Conceived by DYNICS Regional Sales Leader Greg Jenkins and McCrary Cyber Research Engineer Jonathan Sherk, and then brought together by Sherk, the McCrary team along with assistance from a Vendor committee (DYNICS, Mayer Electric, PeopleTec, and Crowdstrike), this event emphasized the essential yet fragile state of America’s water infrastructure. 

As DYNICS continues to expand its offerings for OT cybersecurity and network resilience in the water & wastewater sector, this summit reinforced several key themes we see every day in the field. Below is a summary of the take-aways, how they align with the capabilities DYNICS brings, and how operators (despite tight budgets) can move from a reactive to a proactive posture. 

1. The threat is real, widespread and growing 

The McCrary Institute noted that “one in three water utilities experienced at least one cyber incident in the past year.” Additionally, a 2024 review by the United States Environmental Protection Agency found that about 70% of surveyed systems failed to meet basic security standards. 
 
At the Summit, vulnerability of both legacy OT/SCADA infrastructure and modern IT systems were emphasized as key vectors.
 
For DYNICS customers in the water/wastewater domain, this means the “down-time risk” is no longer hypothetical: small, rural systems are just as likely to be targeted as large municipal utilities. 

2. Funding and resources remain constrained, especially for smaller utilities 

One of the recurrent messages at the Summit: many water and wastewater systems operate under tight budget constraints and are challenged to secure dedicated cybersecurity funding. 
 
In Alabama, some of the funding mechanisms (for instance the federal State & Local Cybersecurity Grant Program) were cited as available, but many utilities need assistance to navigate them. 
 
For DYNICS, this aligns with what our sales team routinely hears: “We know we’re at risk but we don’t have deep resources for expensive solutions or dedicated cyber staff.” That’s why our message is geared toward cost-effective, scalable solutions and assessments that deliver early wins. 

3. Proactive assessments and OT/IT network visibility are the foundation 

One of the most consistent points made at the Summit: the importance of gaining visibility into what’s happening inside OT/IT networks, identifying legacy systems, segmenting networks, instituting access control and planning incident response, all before an event occurs.
 
For instance, the keynote from the Alabama CISO stressed practical steps utility leaders can take to “embed cybersecurity into operational culture.” 
 
At DYNICS we believe this must start with a cyber-safety assessment: baseline what you have, where the risks are, how OT devices are speaking to IT systems and what legacy technologies might expose you. 

4. Tailored solutions for the water sector 

The Summit included break-out sessions focused on: securing legacy OT systems, mitigating ransomware risk, navigating regulatory/compliance complexity and leveraging emerging technologies such as AI for threat detection—all with budget pressure in mind. 

DYNICS offers a portfolio of OT-network and cybersecurity solutions that map well to this guidance: our ICS360 suite (ICS360.Defender, ICS360.DCC, ICS360.IAM) as well as OT network switches (ICS360.FlexConnect), and our service engagements for assessments, segmentation strategies and access control.

In the water/wastewater sector, we emphasize: 

• Segmented OT networks that isolate SCADA/PLC infrastructure from general IT traffic. 
• Identity and access management tuned for plant floor roles and contractors.
• Modular, “right-sized” solutions so smaller systems can implement incrementally rather than all at once, all or nothing solutions.

5. From reactive to proactive: shifting the mindset 

Perhaps the clearest theme of the Summit: too many utilities wait until they are hit by an incident before acting, and by then the cost (financial, reputational, operational, public-safety) is already high. The Summit emphasized that taking proactive steps now is far less expensive and far more effective than dealing with the fallout. 
 
From DYNICS’s vantage point, the “cost of doing nothing” is too high to ignore. Our recommended path: begin with a scoped assessment, develop a prioritized roadmap, implement foundational protections (network segmentation, identity control, monitoring) and rise from there. 
 
Because we understand many municipalities and utilities have limited funding, our approach is modular: pick the highest-risk asset first, secure it, demonstrate value, then expand. 

6. What comes next? 

In partnership with Greg Jenkins and regional utility engagements, DYNICS is committed to following up the momentum generated at the Alabama Water Cybersecurity Summit. Our next steps include: 

• Generating tailored content (video series/online resources) to small utilities on OT cybersecurity fundamentals. 
• Aligning our ICS360 solution set and service offerings with grant-funding opportunities (so utilities can apply funds rather than bear full out-of-pocket cost). 
• Building case studies in the water sector to show how segmentation + IAM + monitoring reduce risk and help meet basic standards. 

We believe that by starting with a clear baseline, a prioritized roadmap and step-wise implementation, operators can shift from reactive post-incident mode to proactive risk-mitigation mode, and gain value from their OT/IT networks beyond just “compliance.” 

Closing thoughts 

The Alabama Summit underscored three truths that resonate strongly with DYNICS’s mission:  

1. Water infrastructure is a high-value target that must be protected 
2. Many systems are under-resourced, but they cannot wait for “perfect funding,”  
3. Visibility, segmentation, and identity-centric controls in OT/IT networks are the bedrock of security. 

For utilities and municipalities, embracing a proactive stance, with a trusted partner can be the difference between an event and an outcome prevented.

At DYNICS, we are ready to partner with you, in assessment, in roadmap development, and in deployment of water-industry-tuned OT cybersecurity solutions. If you attended the Summit and want to explore next steps, please reach out to Greg Jenkins and our team. 

Thank you to the McCrary Institute, Jonathan Sherk and all the Summit participants for elevating this dialogue at a crucial time for water infrastructure.

Together, we can turn insight into action and protect what keeps communities flowing. 

Sources:

• “Auburn’s McCrary Institute summit brings together cybersecurity leaders to help prevent attacks against water systems” – 256 Today
  https://256today.com/auburns-mccrary-institute-summit-brings-together-cybersecurity-leaders-to-help-prevent-attacks-against-water-systems/
• “Alabama Water Cybersecurity Summit Tackles Escalating Threats to Critical Water Infrastructure”  – Huntsville Commerce Report
  https://www.huntsvillecommerce.com/alabama-water-cybersecurity-summit-tackles-escalating-threats-to-critical-water-infrastructure/