Water Utilities Get 100-Day Cybersecurity Plan
The United States Environmental Protection Agency (EPA) has drawn up a 100-day game plan to help protect the nation’s water systems from cyber-attacks.
The Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan focuses on high-impact acts that can be performed within 100 days to improve cybersecurity across the water sector.
Strategies detailed in the roadmap promote and support the early detection of cyber-threats and the rapid sharing of data across the government to speed up cyber-threat analysis and action.
The plan advocates the establishment of a cybersecurity task force comprising leaders from the water sector. It also calls for the implementation of pilot projects to demonstrate and accelerate the adoption of incident monitoring.
“Cyber-attacks represent an increasing threat to water systems and thereby the safety and security of our communities,” said EPA administrator Michael S. Regan.
“As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America.”
The plan was announced on Thursday by the EPA and its federal partners. It was developed by the EPA, the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC).
“The action plans for the electric grid and pipelines have already resulted in over 150 electricity utilities serving over 90 million residential customers and multiple critical natural gas pipelines deploying additional cybersecurity technologies,” said deputy national security advisor for cyber and emerging technology, Anne Neuberger.
She added: “This plan will build on this work and is another example of our focus and determination to use every tool at our disposal to modernize the nation’s cyber defenses, in partnership with private sector owners and operators of critical infrastructure.”
The EPA said it intends to “encourage, incentivize and assist” water sector stakeholders to rapidly deploy industrial control systems (ICS) cybersecurity monitoring technologies.
“Public-private sector collaboration like this initiative is central to protecting the American public and their ability to safely access critical services,” said secretary of homeland security Alejandro Mayorkas.
More Stories
Indian Fishermen Are Catching Less Squid
Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy. Read More
More on My AI and Democracy Book
In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in...
NHS England Warns of Critical Veeam Vulnerability Under Active Exploitation
NHS England has issued an alert regarding a critical Veeam Backup & Replication vulnerability that is being actively exploited, potentially...
US Border Agency Under Fire for App’s Handling of Personal Data
Access Now announced that the US Customs and Border Protection agency released records on its app following the NGO’s lawsuit...
IronNet Has Shut Down
After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity...
Sonatype Reports 156% Increase in OSS Malicious Packages
A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019,...