Critical infrastructure

NIST Formulating Cybersecurity Guidance for Water, Wastewater Sector

The National Institute of Standards and Technology is planning to publish new cybersecurity guidance for the water and wastewater sector which, according to water sector leaders, is the weakest link in the U.S. critical infrastructure.

NIST will establish a consortium of cybersecurity firms and sector members to inform the cybersecurity implementation guide, expected to be released in 2024. The agency will choose partners through a federal register notice that NIST’s National Cybersecurity Center of Excellence posted to identify commercial tools and practices that can address cybersecurity challenges associated with asset management, data integrity, remote access and network segmentation, Nextgov reported.

NIST is asking firms and sector members to submit letters of intent identifying the capabilities they are offering to help secure the sector’s operating environments. Selected organizations will be asked to sign cooperative research and development agreements with NIST to be part of the NCCoE consortium.

In 2022, the Center on Cyber and Technology Innovation and the Cyberspace Solarium Commission released policy statements raising concerns about the vulnerability of U.S. water systems. CCTI Chair Samantha Ravich pointed to a lack of cybersecurity personnel operating the systems as a cause of increased cyberattacks targeting the sector.