U.S. federal agencies have joined forces to release cybersecurity best practices guidance for the water and wastewater industry (WWS).
The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) issued this guidance in an attempt to increase cybersecurity resiliency and improve incident response in the WWS space.
The guidance comes less than two weeks after the Office of Inspector General (OIG) released a report calling on CISA to strengthen the water and wastewater industry’s cybersecurity resiliency through improved external collaboration and internal coordination.
Water and wastewater systems, like other essential elements of critical infrastructure, can fall victim to cyberattacks, in part because they are considered “target-rich and network-poor.”
For example, in February 2021, a malicious hacker allegedly broke into the computer system of a water treatment plant in Florida and poisoned the water supply.
Last month, a malicious hacker allegedly attempted to similarly poison water at a San Francisco Bay Area factory.
In March 2021, a former worker at the Kansas public water system was charged with unauthorized access to a computer system in an apparent attempt to tamper with the drinking water supply.
Meanwhile, there has been a recent series of ransomware attacks targeting the WWS sector, as well as likely nation-state activity, with the pro-Iranian Cyber Av3ngers group believed to be behind a series of attacks targeting multiple U.S. water companies.
Guidance issued by the FBI, CISA, and EPA focuses on four phases of incident response:
- Prepare: WWS sector organizations should develop an incident response plan, implement available services and resources to improve their network baseline, and interact with the WWS sector network community.
- Detection and analysis: Accurate, timely reporting and rapid collective analysis are critical to understanding the full scope and impact of a cyber incident. This guide provides information about verification events, reporting levels, and available technical analysis and support.
- Containment, eradication and recovery: While WWS sector utilities are executing their incident response plans, federal partners are focusing on coordinated messaging and information sharing as well as remediation and mitigation assistance.
- Post-incident activities: Evidence preservation, use of incident information collected, and lessons learned are paramount elements in properly analyzing an incident and how responders handled it.
“The water and wastewater industry continues to be threatened by malicious cyber actors,” said Eric Goldstein, executive assistant director for cybersecurity at CISA. “This timely and actionable guidance reflects the outstanding work among industry, nonprofit and government partners. Partnership. EPA, FBI, and CISA support this important sector. We encourage each WWS entity to review this joint guidance and implement its recommended actions.”
Editor’s note: The opinions expressed in this guest author article are those of the contributor and do not necessarily reflect the views of Tripwire.