It looks like you are coming from United States, but the current site you have selected to visit is Canada. Do you want to change sites?

Yes, please. No. Keep me on the current site.

  • Incident Response Launches in North America!

    An insurance policy for your Operational Technology

    Learn More

  • Cybersecurity in a Digital World

    Q&A with Nick Nedostup, Chief Information Security Officer, Xylem

    Read More

  • Cybersecurity for Our Customers

    Xylem is a technology company with a commitment to innovation while addressing security needs for all of our solutions through continuous improvement.

  • Managing Cyber Risk

    How Xylem can help to secure your critical water assets

    Learn More

  • Report an Issue

    Believe you've found a cybersecurity issue? 

    Contact us securely


Incident Response Launches in North America

Xylem is partnering with Dragos, an industrial security company, to begin offering an Incident Response Retainer which will help customers securely make the transition to digital.

Learn More

Our customers are partners and we work to anticipate customer needs with our broad product offerings, our applications expertise, and our knowledge to protect the availability, integrity, and confidentiality of our customers’ infrastructure and information.

Download Brochure

Connected, smart devices are growing at an exponential rate.
At Xylem, we recognize the risks associated in a connected world.
Cyber threats rapidly evolve and expand, with potential to disrupt business operations.
Contact Us

For questions about Xylem products or our security principles:

Email Us

Communication Security

Xylem has established a public PGP key and we encourage communication regarding security of our products to take place via encrypted email.

Download our public PGP key

Xylem Security Advisories

Xylem Product Cybersecurity discloses the information necessary for operators to assess the impact of a security vulnerability. 

View security advisories

Security Notifications

Get notified of any future Xylem Security Advisories

Our Security Strategy

Xylem is a technology company with a commitment to innovation while addressing security needs for all of our solutions through continuous improvement. Along with a riskā€based security design and implementation approach, our engineering, development, and cybersecurity teams remain diligently focused on the identification and eradication of security vulnerabilities. Our practices include:

  • Implementation of Security by Design principles throughout the product development lifecycle

  • Collaboration with InfraGard, a partnership between the Federal Bureau of Investigations and members of the private sector

  • Membership in the Water Information Sharing and Analysis Center (ISAC), the international security network created by and for the water and wastewater sector. As a cybersecurity partner, you can learn more about security preparedness at

We also encourage our customers and partners to follow generally accepted IT and cybersecurity best practices.


Vulnerability Response and Disclosure

Xylem’s Product Security Incident Response Team (PSIRT) manages the response to security vulnerabilities that pose a risk to Xylem fielded products.

Xylem is an approved CVE Numbering Authority (CNA) for Xylem products and technologies.

Security researchers, customers, vendors, and industry partners can report product security vulnerabilities to using PGP encryption.

Vulnerability Reporting

When reporting a vulnerability, please include the following information:

  • Product name and version
  • Description of the potential vulnerability
  • Any special configuration required to reproduce the issue
  • Step by step instructions to reproduce the issue
  • Proof of concept or exploit code, if available
  • Potential Impact
  • Any other relevant information


Xylem PSIRT will acknowledge receipt of the reported potential vulnerability and begin triage. If the reported vulnerability is determined to be valid, a risk assessment will be performed. The risk assessment will take into account the following:

  • Technical Severity (CVSS Rating)
  • Business Impact
  • Product Deployment


A remediation plan will then be determined based on the risk of the vulnerability. Remediation plans can include patches, updates, configuration changes, or implementing compensating controls.


Once the remediation plan is available, Xylem PSIRT will coordinate the appropriate disclosure. Disclosures can include a combination of, but are not limited to, direct customer notification, publishing of a Xylem Product Security Advisory on , Coordinated Vulnerability Disclosure through DHS CISA.

Partner with Us

We value water as a resource and work to protect accessibility to clean, safe water. We are all stewards of this precious resource. For more information about reporting an incident involving water resources please visit

We thank you for your partnership in ensuring the confidentiality, integrity and availability of our data, products, and water.