OT systems in the water and wastewater industry were historically designed for isolated operations, prioritizing process efficiency and reliability over cybersecurity. However, the adoption of digital controls, remote monitoring, and IT/OT convergence has significantly increased the attack surface. Legacy systems, third-party access, and geographically distributed assets create vulnerabilities that cyber attackers can exploit. Threats such as ransomware, nation-state attacks, and insider threats can disrupt water treatment operations, compromise public health, and lead to environmental hazards. As digitalization progresses, securing OT environments is critical to ensuring the safety, reliability, and resilience of water and wastewater services.