Water Utilities Get 100-Day Cybersecurity Plan
The United States Environmental Protection Agency (EPA) has drawn up a 100-day game plan to help protect the nation’s water systems from cyber-attacks.
The Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan focuses on high-impact acts that can be performed within 100 days to improve cybersecurity across the water sector.
Strategies detailed in the roadmap promote and support the early detection of cyber-threats and the rapid sharing of data across the government to speed up cyber-threat analysis and action.
The plan advocates the establishment of a cybersecurity task force comprising leaders from the water sector. It also calls for the implementation of pilot projects to demonstrate and accelerate the adoption of incident monitoring.
“Cyber-attacks represent an increasing threat to water systems and thereby the safety and security of our communities,” said EPA administrator Michael S. Regan.
“As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America.”
The plan was announced on Thursday by the EPA and its federal partners. It was developed by the EPA, the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC).
“The action plans for the electric grid and pipelines have already resulted in over 150 electricity utilities serving over 90 million residential customers and multiple critical natural gas pipelines deploying additional cybersecurity technologies,” said deputy national security advisor for cyber and emerging technology, Anne Neuberger.
She added: “This plan will build on this work and is another example of our focus and determination to use every tool at our disposal to modernize the nation’s cyber defenses, in partnership with private sector owners and operators of critical infrastructure.”
The EPA said it intends to “encourage, incentivize and assist” water sector stakeholders to rapidly deploy industrial control systems (ICS) cybersecurity monitoring technologies.
“Public-private sector collaboration like this initiative is central to protecting the American public and their ability to safely access critical services,” said secretary of homeland security Alejandro Mayorkas.
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...