Cyber Security

Explore top cybersecurity practices for the Water and Wastewater Systems sector with CISA's latest toolkit and expert-led webinars. Learn how to enhance cyber resilience.

WaterISAC and EPA have released the latest quarterly edition of the National Security Information Sharing Bulletin (ISB), developed for water and wastewater utilities. Each issue focuses on key security and resilience topics, including cybersecurity, physical security, and natural disasters.

As cyber actors increasingly target the water and wastewater sector, building a sector-wide security mindset has never been more urgent. This issue reinforces the vital role we all play in protecting our nation’s critical infrastructure. It also highlights several free government cybersecurity services that utilities are encouraged to consider.

The attached ISB is a joint effort by the EPA Office of National Security and WaterISAC, with support from the EPA Office of Water and the Water Sector Coordinating Council. It aims to raise awareness and promote security and preparedness across the water and wastewater sector.

https://assets.noviams.com/novi-file-uploads/drwa/WaterISAC_EPA_Bulletin_Q2-25_Final.pdf

https://www.waterisac.org/event/water-sector-natural-disaster-threat-briefing-lessons-learned- responding-hurricane-helene

On May 6th, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation and other US government (USG) partners published a fact sheet urging critical infrastructure entities with operational technology (OT) and industrial control systems (ICS) to implement five primary mitigations that will improve their cybersecurity posture and reduce risk to unsophisticated cyber threat activity. The authoring agencies also encourage critical infrastructure entities to regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance.

In addition to this fact sheet, CISA and USG partners published an operational alert warning of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems. These actors often use basic and elementary intrusion techniques because they target organizations with poor cyber hygiene and exposed public facing devices. The presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage.

CISA strongly urges critical infrastructure asset owners and operators to review the fact sheet, Primary Mitigations to Reduce Cyber Threats to Operational Technology, for detailed guidance on reducing the risk of potential intrusions.

To learn more about the CISA resources for OT/ICS, visit Industrial Control Systems on CISA.gov.