Cyber Security

CISA published this alert: Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means

 CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.   

 CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

 Membership in the Multi-State ISAC is open to employees or representatives from all 50 states, the District of Columbia, U.S. Territories, local and tribal governments, public K-12 education entities, public institutions of higher education, authorities, and any other non-federal public entity in the United States of America. This is always a free and voluntary membership for all these eligible organizations. Visit https://learn.cisecurity.org/ms-isac-registration to learn more and register.

I encourage your partners from towns and municipalities to register to MS-ISAC.

Many State, Local, Tribal, and Territorial (SLTT) IT professionals wear multiple hats due to limited resources, juggling IT operations, cybersecurity, governance, and privacy responsibilities. Building a robust cybersecurity program in this resource-constrained environment can feel overwhelming, especially with the maze of frameworks, compliance requirements, and seemingly endless technical tools.


This webinar is designed to simplify the process, providing IT teams with actionable strategies to enhance their cybersecurity programs. Former and current IT leaders will share their experiences and unique approaches to managing security on a budget. This session is ideal for IT/security managers and tool implementers (e.g., network administrators), or those providing relevant contracted support. Join us to discover that a strong cybersecurity program doesn't have to be expensive or overly complex. Learn how to leverage existing resources and make smart choices to protect your organization from cyber threats.

 Register Today

Reference the information below for important details about this session.

 Date: Tuesday, October 8

Time: 3PM ET

Registration: https://cisevents.webex.com/weblink/register/r4da848f134cf9eb9399e595d67e687c6

Upon registering, you will receive a calendar invite from isacwebinars@cisecurity.org that contains detailed information about joining the event. Accept the invitation and use the detailed information on the day of the webinar.

Please direct any questions to info@cisecurity.org.

Incident Response Guide: Water and Wastewater Systems (WWS) Sector

Water Sector Cybersecurity Toolkit

CISA Conducted CISA Live Event – Boosting Water Sector Cybersecurity on LinkedIn Live

On Wednesday, February 7, CISA hosted its third CISA Live! event, Boosting Water Sector Cybersecurity, on LinkedIn Live. CISA Deputy Director Nitin Natarajan and David Travers, Director of the Environmental Protection Agency's Water Infrastructure and Cyber Resilience Division, discussed the current water sector cyber risk environment, the importance of partnerships, and sector challenges. They also provided information on how stakeholders can improve their cybersecurity, including by taking advantage of the jointly developed Cybersecurity Toolkit for Water and Wastewater launched earlier this month.

Watch the full recording: CISA Live! – Boosting Water Sector Cybersecurity

CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) released the joint fact sheet Top Cyber Actions for Securing Water Systems. This fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:

  • Reduce Exposure to the Public-Facing Internet
  • Conduct Regular Cybersecurity Assessments
  • Change Default Passwords Immediately
  • Conduct an Inventory of Operational Technology/Information Technology Assets
  • Develop and Exercise Cybersecurity Incident Response and Recovery Plans
  • Backup OT/IT Systems
  • Reduce Exposure to Vulnerabilities
  • Conduct Cybersecurity Awareness Training

 
CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity.

Organizations can visit cisa.gov/water for additional sector tools, information, and resources.