Upgrade Your Cyber Protection Plan

Cyber threats and outages can happen, but with the right planning and protection, your utility stays operational and trusted. Gradient Planning brings together cybersecurity and business continuity strategies that actually work. Protect operational continuity and public trust by strengthening cyber readiness across IT and OT environments. Gradient Planning helps water and wastewater utilities translate cybersecurity expectations into practical plans, procedures, and exercises—so your team can prevent incidents where possible and respond decisively when they occur.

Why cybersecurity matters more than ever

Cybersecurity matters now more than ever because water and wastewater utilities are increasingly targeted by ransomware, phishing, and attacks that exploit remote access and third-party vendors. At the same time, utilities rely more heavily on interconnected IT and OT systems to run treatment, pumping, billing, and communications—so a single compromise can quickly disrupt service, threaten water quality, and erode public trust. Strengthening cyber readiness is no longer an “IT issue”; it is core to operational continuity, regulatory responsibility, and community resilience.

What You Do Not Want:

  • Rising cyber threats with limited IT/OT defenses

  • Unclear response protocols across IT, operations, and leadership

  • Downtime risks that threaten service continuity, compliance, and public trust

  • Untested backups and recovery procedures

Our Process

Our cyber readiness process is Assess → Plan → Train/Exercise → Improve. We identify your highest-risk IT/OT scenarios, translate findings into practical plan updates, including incident response and ERP procedures, then train and exercise staff to validate the plan and drive targeted improvements.

Assess

We start by understanding how your utility actually operates—across both IT and OT. Through targeted document review, site observations, and collaboration with staff, we identify priority systems, access pathways, and the scenarios most likely to disrupt operations, billing, and communications. The result is a clear, utility-specific picture of cyber risk and operational consequences.

Plan

Next, we translate findings into a practical, defensible plan. You receive prioritized recommendations and clear next steps—governance, procedures, and technical/administrative controls—sized to your utility’s staffing and resources. We also update or develop cyber incident response and ERP components so roles, triggers, escalation, and communications align with your highest-risk scenarios.

Train/Exercise

A plan only works if people can execute it under pressure. We train leaders, IT, and operators on the updated procedures and then validate them through tabletop or functional exercises. Exercises are built around realistic utility scenarios (e.g., ransomware, compromised remote access, OT disruption) and emphasize coordination, decision-making, and service continuity.

Improve

After training and exercises, we capture lessons learned and convert them into targeted improvements. You receive an action list with owners and timelines, updates to checklists and playbooks, and recommendations for strengthening controls over time. This closes the loop—so cyber readiness remains current, practical, and continuously improving.

“Exceptional Partner”

The City of Framingham’s Water & Wastewater Department has been working with Gradient Planning each year since 2017 on all aspects of risk management. Gradient Planning has been an exceptional partner to Framingham, offering practical, solutions-focused planning that consistently strengthens our overall preparedness. Their deep subject-matter expertise and willingness to respond to our evolving needs have allowed Framingham to progressively work toward our preparedness goals and continue to maintain compliance along the way.
— Stephanie Tarves, P.E., Director of Capital Project Management, City of Framingham, MA

Kate Lancraft, P.E., C.S.P.
Founder and Managing Director
Gradient Planning, LLC

Gradient Planning has exceeded our expectations in every aspect of emergency preparedness consultancy. Kate Lancraft provides a comprehensive approach, attention to detail, and tailored programs that ensure our organization is empowered to handle any scenario with confidence. From risk assessments to customized training sessions, Kate has been a partner to our team. With unparalleled expertise and dedication to our safety and resilience, it is clear that Gradient Planning is committed to our continual improvement. Without hesitation, I highly recommend Gradient Planning to any organization serious about safeguarding its future.
— Amanda Schenkle, Manager of Environmental Health, Safety and Risk, South Central Connecticut Regional Water Authority

25+

years supporting critical infrastructure resilience

Deep, sustained experience helping water and wastewater utilities manage risk, maintain continuity, and meet evolving regulatory expectations.

100%

regulatory acceptance of risk assessments and ERPs

All assessments and emergency response plans accepted by EPA and state regulators with zero corrective follow-up required.

50+

utilities served across small, mid-size, and large systems

Trusted by utilities in New England and beyond to deliver practical, solutions-focused planning tailored to real operational conditions.

Common questions about cyber protection planning

  • Yes—your ERP is the foundation, but cyber incidents often require more detailed, step-by-step actions than most ERPs include. We integrate cyber-specific procedures into the ERP (roles, triggers, notifications, and continuity actions) and develop incident response playbooks that guide IT, operations, and leadership through containment, recovery, and safe service restoration.

  • Yes. Cyber risk in utilities spans both business systems (email, billing, file servers) and operational technology (SCADA, PLCs, HMIs, remote access). Our planning process addresses the interfaces between IT and OT and focuses on operational consequences—what it means for treatment, pumping, chemical feed, monitoring, and compliance if a system is compromised.

  • You receive an updated, utility-specific cyber protection/response package that is practical and defensible: prioritized recommendations, cyber incident response procedures, ERP updates, contact/notification protocols, and simple checklists that are usable under pressure. We also provide training and an exercise option to validate the plan and produce an improvement roadmap with owners and timelines.

Be ready before it happens

Every moment counts during an emergency — plan ahead with a partner who's been there.
