Agencies Unite to Protect Water Systems from Cyberattacks

In response to the escalating threat of cyberattacks on critical infrastructure, the United States agencies CISA, the FBI, and the Environmental Protection Agency (EPA) have issued guidelines to enhance the cybersecurity of Water and Wastewater Systems (WWS) against cyber threats.

The document outlines eight key measures aimed at mitigating the risks of cyberattacks and bolstering resilience against malicious activities.

The recommendations include:

• Reduce Exposure to the Public-Facing Internet
• Conduct Regular Cybersecurity Assessments
• Change Default Passwords Immediately
• Conduct an Inventory of Operational Technology/Information Technology Assets
• Develop and Exercise Cybersecurity Incident Response and Recovery Plans
• Backup OT/IT Systems
• Reduce Exposure to Vulnerabilities
• Conduct Cybersecurity Awareness Training

Additionally, the agencies encourage companies to visit a specialized resource for access to further protective and scanning tools, as well as comprehensive information on threats.

In recent years, water supply facilities in the U.S. have become targets for cybercriminals, leading to the compromise of critical infrastructure and raising concerns about public safety. Consequently, in September, CISA launched a free network scanning program to assist critical infrastructure facilities, including the water supply sector, in identifying security gaps and safeguarding systems against cyberattacks.