Critical infrastructure
security
CISA, Partners Issue Guidance for Protecting Water, Wastewater Systems From Cyberthreats
The Cybersecurity and Infrastructure Security Agency, the Environmental Protection Agency and the FBI released new guidance to help water and wastewater systems operators and owners fend off cyberthreats.
The guidance highlights four stages of cyberthreat incident response: preparation; detection and analysis; containment, eradication and recovery; and post-incident activities. For each stage, WWS sector organizations are urged to engage with the cybersecurity community, collect information in an accurate and timely manner, implement appropriate response and remediation actions while informing federal agencies and retain pieces of evidence for future reference.
The guidance was developed in partnership with WWS operators, nonprofit organizations and state and local governments, CISA said.
The guidance comes nearly a week after the Department of Homeland Security’s Office of the Inspector General issued a report about CISA’s shortcomings in communicating cybersecurity matters with the WWS sector. According to the OIG, the cybersecurity agency failed to share expertise with the EPA and other stakeholders and failed to work with its counterparts consistently despite having products and services capable of mitigating critical infrastructure threats.
The OIG issued three recommendations to help CISA improve coordination with the WWS sector.
Category: Cybersecurity