NIST Seeks Industry Input on Securing Water, Wastewater Utilities

The National Institute of Standards and Technology is planning to publish new guidance for the water and wastewater systems sector to improve its cybersecurity posture. NIST is currently seeking industry insights to help form the cybersecurity reference architecture called the NIST SP 1800 series practice guide.

Water sector leaders previously called for enhanced oversight efforts, noting that their sector is the “weakest link” in U.S. critical infrastructure. A 2021 ThreatLocker study found that at least 38 percent of water systems spent less than 1 percent of their budgets on IT cybersecurity, FCW reported.

In October 2021, the FBI, the Environmental Protection Agency, the National Security Agency and the Cybersecurity and Infrastructure Security Agency warned that malicious actors were targeting the information technology and operational technology networks, systems and devices of water and wastewater systems in the country.

According to a joint advisory, the attacks included attempts to compromise system integrity through unauthorized access, threatening the ability of facilities to provide clean, potable water and effectively manage the wastewater of their communities.

NIST said given the increasing adoption of data-enabled capabilities by the water and wastewater systems sector, best practices, guidance and solutions should be developed to ensure that the facilities can mitigate and withstand cyberattacks.

According to the agency, it will accept public comments on its planned cybersecurity reference architecture until Dec. 19.