LEarning from Network and Process data to secure Water Distribution Systems (LENP-WDS) (NSoE)
Project date
1 October 2019 – 30 September 2022
completed
Modern water distribution systems rely on networks of digital devices, which offer a vast attack surface to unauthorized users. In this project, we plan to develop novel data-driven solutions for detecting and responding to cyber-attacks. In particular, we will work with both network and process (SCADA) data generated by our first contribution, a digital twin. The availability of such data will enable two additional contributions: (1) attack detection and localization algorithms, and (2) real-time response strategies. The detection (and localization) process will rely on pairing process and traffic data to reduce the number of false positives, identify both the physical and the digital assets under attack, and disclose threats earlier in the kill chain. This information will then be harnessed by a Deep Reinforcement Learning agent, which will learn the best response strategies through repeated interactions with the digital twin.