TLDR:
- The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide aimed at improving incident response in the water and wastewater sector, following an increase in cyberattacks on utilities.
- The guide provides utilities with advice on creating an effective incident response playbook and clarifies best practices for reporting cyber incidents.
- Water and wastewater utilities in the US have been hampered by resource constraints, making it difficult to prioritize cybersecurity.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide aimed at improving incident response in the water and wastewater sector, following an increase in cyberattacks on utilities. The guide, titled “Cyber Incident Response Guide for the Water and Wastewater Sector,” offers utilities advice on creating an effective incident response playbook and clarifies best practices for reporting cyber incidents. The water and wastewater sector has been particularly vulnerable to cyberattacks due to resource constraints and a lack of cybersecurity expertise. The guide aims to help utilities better understand the risks posed by cyber threats and improve their ability to respond to incidents.
The US has approximately 51,000 community water systems and 16,500 publicly owned treatment works for wastewater. However, cybersecurity efforts in the sector have been hindered by limited resources and budgets. Dawn Cappelli, head of the OT-Cyber Emergency Readiness Team for industrial-cybersecurity firm Dragos, explains that most water utilities are small and do not have the expertise or resources to prioritize cybersecurity. The guide aims to address this issue by providing utilities with practical advice on incident response and connecting them with resources to improve their cybersecurity.
Cybersecurity incidents targeting the water and wastewater sector have been on the rise. In recent months, there have been several high-profile incidents, including an intrusion at a water utility in Florida, ransomware attacks on sewage treatment plants in Maine, and an attack by an Iranian-backed group on a water authority in Pennsylvania. These incidents have highlighted the potential impact of cyberattacks on critical infrastructure and the need for improved incident response in the water sector. CISA’s guide aims to help utilities better prepare for and respond to such attacks in order to limit their impact.
The guide recommends that water and wastewater utilities plan for incidents well in advance of any cyberattack. It emphasizes the importance of creating an organizational-level incident response plan, improving detection capabilities, and planning for containment, eradication, and recovery. The guide also encourages utilities to create a post-incident playbook to capture lessons learned and distribute guidance to other utilities in the sector. While the guide is a valuable resource, cybersecurity experts stress the importance of customizing incident response plans to suit the specific needs and circumstances of each utility.
The release of CISA’s guide is an important step towards improving incident response in the water and wastewater sector. By providing utilities with practical advice and resources, the guide aims to help them better understand the risks posed by cyber threats and improve their ability to respond to incidents. However, given the resource constraints faced by many utilities, there is still a long way to go in effectively addressing the cybersecurity challenges in the water sector.