US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS).
The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS sector.
The guide’s publication comes less than two weeks after a report from the Office of the Inspector General (OIG) called on CISA to enhance the cybersecurity resiliency of the water and wastewater sector by improving external collaboration and its own internal co-ordination.
Water and wastewater systems, just like other essential elements of critical infrastructure, can fall prey to cyber attack – in part because they are deemed “target-rich, cyber-poor.”
For instance, in February 2021 a malicious hacker is alleged to have gained access to a Florida water treatment plant’s computer systems and poisoned the water supply.
The previous month, a malicious hacker allegedly attempted to similarly poison water at a plant in the San Francisco Bay area.
And, in March 2021, an ex-worker at Kanas’s public water systems was charged with accessing computer systems without authorisation, in an apparent attempt to tamper with the supply of drinking water.
Meanwhile, more recently, there have been a series of ransomware attacks against the WWS sector, as well as what may well be nation-state activity with the pro-Iran Cyber Av3ngers group believed to be behind a series of attacks against multiple water utilities across the United States.
The guidance issued by the FBI, CISA, and EPA focuses on the four stages of incident response:
“The Water and Wastewater Systems sector is under constant threat from malicious cyber actors,” said CISA Executive Assistant Director for Cybersecurity, Eric Goldstein. “This timely and actionable guidance reflects an outstanding partnership between industry, nonprofit, and government partners that came together with EPA, FBI, and CISA to support this essential sector. We encourage every WWS entity to review this joint guide and implement its recommended actions.”
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.