Light Dark
February 14, 2024 By Jonathan Reed 3 min read
News

The water and wastewater sector (WWS) faces cybersecurity challenges that leave it wide open to attacks. In response, the CISA, EPA and FBI recently released joint guidance to the sector, citing variable cyber maturity levels and potential cybersecurity solutions.

The new Incident Response Guide (IRG) provides the water sector with information about the federal roles, resources and responsibilities for each stage of the cyber incident response lifecycle. Sector owners and operators can use this information to augment their incident response plans, establish baseline standards and enhance information-sharing.

Water safety under attack

In October 2023, cyber criminals allegedly linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) targeted water utilities in Pennsylvania. U.S. law enforcement agencies also revealed that ransomware gangs targeted multiple water and wastewater treatment facilities between 2019 and 2021. To date, no attacks have affected the safety of drinking water.

Given the ongoing risk, the new IRG identifies key federal partners where the sector can seek assistance. These include entities such as CISA, EPA, FBI, the Office of the Director of National Intelligence (ODNI) and the DHS Office of Intelligence and Analysis (I&A).

Incident response guide recommendations

For incident response, the new IRG outlines specific practices, which include:

  • Preparation: CISA encourages WWS utilities to consult the agency’s Cyber Performance Goals to strengthen their cybersecurity baseline.
  • Detection and analysis:  Federal agencies may be able to provide no-cost tools and services to impacted utilities. The FBI and CISA may provide onsite and/or virtual technical analysis and support to an organization after receiving reporting.
  • Containment, eradication and recovery: CISA may provide vital information to WWS utility owners and operators on defensive measures to take to contain and eradicate unauthorized threat actors within their assets.
  • Post-incident activity: CISA and its interagency partners can collect data from impacted organizations, anonymize it and share the anonymized data broadly. This data may include relevant TTP, IOCs and other technical data that may support collective defense.

The challenge for small and rural communities

The U.S. water sector has been described as “target-rich, resource-poor” due to the limited financial and technical resources available. And systems in small and rural communities are especially vulnerable.

At a recent hearing by the Committee on Energy and Commerce, Rick Jeffares, President of the Georgia Rural Water Association, said that over 91% of the community water systems in this country serve less than 10,000 people. As per Jeffares, small and rural communities often have “difficulty complying with complicated federal mandates and providing safe affordable drinking water and sanitation due to limited economies of scale and lack of technical expertise.”

Jeffares also said that vendors that receive federal dollars and sell or install automated equipment should be “required by standard protocols established by the EPA and other agencies to better protect water utilities from cyberattacks.”

At the hearing, the need to get the young people involved was also emphasized. “Rural Water has been doing this through a registered apprenticeship program, and it’s working, so we would like to expand. We anticipate the next generation of water operators will have a higher level of computer and cyber sophistication,” said Jeffares.

Lack of funding

Undoubtedly, a large part of the nation’s water safety effort will depend on financial support. The Infrastructure Investment and Jobs Act of 2021 authorized $250 million over five years for EPA grant assistance to public water systems serving communities of 10,000 or more people. The initiative was penned to support projects that reduce water system cybersecurity risks.

However, Congress has only appropriated $5 million for the program, according to Scott Dewhirst, superintendent and chief operating officer of Tacoma Water.

“Fully funding the program — or at least providing a level of appropriations closer to its annual $50 million authorization — would greatly expand the number of water systems that can tap these resources to improve their cyber defenses,” Dewhirst told lawmakers.

Clearly, the nation’s water supply is at risk. Protective initiatives must be acted upon without delay.

 |  |  |  | 
Jonathan Reed
Freelance Technology Writer

More from News
November 18, 2024

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

November 4, 2024

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

October 28, 2024

CISA and FBI release secure by design alert on cross-site scripting 

3 min read - CISA and the FBI are increasingly focusing on proactive cybersecurity and cyber resilience measures. Conjointly, the agencies recently released a new Secure by Design alert aimed at eliminating cross-site Scripting (XSS) vulnerabilities, which have long been exploited to compromise both data and user trust. Cross-site scripting vulnerabilities occur when a web application improperly handles user input, allowing attackers to inject malicious scripts into web pages that are then executed by unsuspecting users. These vulnerabilities are dangerous because they don't attack…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature