With hackers poisoning water systems, US agencies issue incident response guide to boost cybersecurity – Source: www.tripwire.com

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS).

The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS sector.

The guide’s publication comes less than two weeks after a report from the Office of the Inspector General (OIG) called on CISA to enhance the cybersecurity resiliency of the water and wastewater sector by improving external collaboration and its own internal co-ordination.

Water and wastewater systems, just like other essential elements of critical infrastructure, can fall prey to cyber attack – in part because they are deemed “target-rich, cyber-poor.”

For instance, in February 2021 a malicious hacker is alleged to have gained access to a Florida water treatment plant’s computer systems and poisoned the water supply.

The previous month, a  malicious hacker allegedly attempted to similarly poison water at a plant in the San Francisco Bay area.

And, in March 2021, an ex-worker at Kanas’s public water systems was charged with accessing computer systems without authorisation, in an apparent attempt to tamper with the supply of drinking water.

Meanwhile, more recently, there have been a series of ransomware attacks against the WWS sector, as well as what may well be nation-state activity with the pro-Iran Cyber Av3ngers group believed to be behind a series of attacks against multiple water utilities across the United States.

The guidance issued by the FBI, CISA, and EPA focuses on the four stages of incident response:

1. Preparation: WWS Sector organizations should have an incident response plan in place, implement available services and resources to raise their cyber baseline, and engage with the WWS Sector cyber community.
2. Detection and analysis: Accurate and timely reporting and rapid collective analysis are essential to understanding the full scope and impact of a cyber incident. The guidance provides information on validating an incident, reporting levels, and available technical analysis and support.
3. Containment, eradication, and recovery: While WWS Sector utilities are conducting their incident response plan, federal partners are focusing on coordinated messaging and information sharing, and remediation and mitigation assistance.
4. Post-incident activities. Evidence retention, using collected incident data, and lessons learned are the overarching elements for a proper analysis of both the incident and how responders handled it.

“The Water and Wastewater Systems sector is under constant threat from malicious cyber actors,” said CISA Executive Assistant Director for Cybersecurity, Eric Goldstein. “This timely and actionable guidance reflects an outstanding partnership between industry, nonprofit, and government partners that came together with EPA, FBI, and CISA to support this essential sector. We encourage every WWS entity to review this joint guide and implement its recommended actions.”

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.