Cyber Security
Explore top cybersecurity practices for the Water and Wastewater Systems sector with CISA's latest toolkit and expert-led webinars. Learn how to enhance cyber resilience.
Join CISA, Thursday, January 30 at 2:00 pm ET
This is an informative webinar on Logging Made Easy (LME)- a no-cost solution from Cybersecurity and Infrastructure Security Agency (CISA) that simplifies log management and strengthens your organization's cybersecurity.
Webinar Highlights:
- LME Overview: Discover how LOME works and explore its key features.
- LME 2.0: Get the latest insights on the newest release
- Benefits: Streamline log management, detect threats faster and reduce manual workload
- Live Demo: Watch LME in action and see its capabilities firsthand
Ideal For:
IT administrators, cybersecurity defenders and decision-makers of small-to-medium-sized organizations aiming to optimize logging processes. Follow the link below to register.
Registration:
January 14, 2025
Cybersecurity and Infrastructure Security Agency along with the United States and International partners released a joint guidance Secure by Demand:
Priority Considerations for Operational Technology Owners and Operators when selecting digital products. As part of CISA's Secure by Demand Series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process.
Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufactures who prioritize security elements identified in this guidance.
For more information on questions to consider during procurement discussions, see CISA's Secure by demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. To Learn more about secure by design principles and practices, visit Secure by Design
On Friday, December 13th, Cybersecurity and Infrastructure Security Agency, in collaboration with the Environmental Protection Agency (EPA), published a joint fact sheet -
Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems.
This joint fact sheet supplies Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces (HMIs) and securing them against malicious cyber activity.
In the absence of cybersecurity controls, threat actors can exploit exposed HMIs at WWS Sector utilities to view the contents of the HMI, make unauthorized changes, and potentially disrupt the facility’s water and/or wastewater treatment process. CISA strongly encourages WWS Sector organizations review and implement the mitigations in this fact sheet to harden remote access to HMIs.
Incident Response Guide: Water and Wastewater Systems (WWS) Sector
Water Sector Cybersecurity Toolkit
CISA Conducted CISA Live Event – Boosting Water Sector Cybersecurity on LinkedIn Live
On Wednesday, February 7, CISA hosted its third CISA Live! – Boosting Water Sector Cybersecurity, hosted on LinkedIn Live. CISA Deputy Director Nitin Natarajan and Director of Environmental Protection Agency Water Infrastructure and Cyber Resilience Division David Travers discussed the current water sector cyber risk environment, the importance of partnerships, and sector challenges and provided information on how stakeholders can improve their cybersecurity—including by taking advantage of the jointly developed Cybersecurity Toolkit for Water and Wastewater launched earlier this month.
Watch the full recording: CISA Live! – Boosting Water Sector Cybersecurity
CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) released the joint fact sheet Top Cyber Actions for Securing Water Systems. This fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:
- Reduce Exposure to the Public-Facing Internet
- Conduct Regular Cybersecurity Assessments
- Change Default Passwords Immediately
- Conduct an Inventory of Operational Technology/Information Technology Assets
- Develop and Exercise Cybersecurity Incident Response and Recovery Plans
- Backup OT/IT Systems
- Reduce Exposure to Vulnerabilities
- Conduct Cybersecurity Awareness Training
CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity.
Organizations can visit cisa.gov/water for additional sector tools, information, and resources.