February 22, 2024 at 09:15AM
The US government released new guidance for water and wastewater sector entities to improve cyber resilience. The document, “Top Cyber Actions for Securing Water Systems,” includes instructions and free resources to assess and enhance security posture. It advises reducing internet exposure, conducting regular assessments, improving password hygiene, inventorying assets, updating systems and applications, and providing cybersecurity awareness training. Organizations lacking resources can access free programs, tools, services, and training. This guidance follows a previously released incident response guide.
The US government has released new guidance for water and wastewater sector (WWS) entities to enhance the resilience of their networks to cyberattacks. The document, titled “Top Cyber Actions for Securing Water Systems,” provides instructions and also points to free resources that can help WWS organizations assess and improve their security posture.
The key actions recommended for WWS entities to minimize cyber risks to their systems are: reducing internet exposure by removing OT devices from public access, conducting regular vulnerability assessments, improving password security, inventorying OT and IT assets, performing regular system backups, applying system and application updates in a timely manner, prioritizing patches, and conducting cybersecurity awareness training.
The document emphasizes that WWS organizations lacking resources to fully implement a cybersecurity resilience plan can access free programs, tools, services, and training provided by CISA and EPA, such as a free vulnerability scanner tailored to water utilities.
All WWS entities and critical infrastructure organizations are advised to review the guidance and implement the recommended actions to enhance their cyber resilience. The publication of this guidance follows the recent release of an incident response guide by CISA, EPA, and the FBI aimed at improving the cyber resilience and incident response capabilities of WWS entities.