Cyber Security
Explore top cybersecurity practices for the Water and Wastewater Systems sector with CISA's latest toolkit and expert-led webinars. Learn how to enhance cyber resilience.
On Friday, December 13th, Cybersecurity and Infrastructure Security Agency, in collaboration with the Environmental Protection Agency (EPA), published a joint fact sheet -
Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems.
This joint fact sheet supplies Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces (HMIs) and securing them against malicious cyber activity.
In the absence of cybersecurity controls, threat actors can exploit exposed HMIs at WWS Sector utilities to view the contents of the HMI, make unauthorized changes, and potentially disrupt the facility’s water and/or wastewater treatment process. CISA strongly encourages WWS Sector organizations review and implement the mitigations in this fact sheet to harden remote access to HMIs.
Incident Response Guide: Water and Wastewater Systems (WWS) Sector
Water Sector Cybersecurity Toolkit
CISA Conducted CISA Live Event – Boosting Water Sector Cybersecurity on LinkedIn Live
On Wednesday, February 7, CISA hosted its third CISA Live! – Boosting Water Sector Cybersecurity, hosted on LinkedIn Live. CISA Deputy Director Nitin Natarajan and Director of Environmental Protection Agency Water Infrastructure and Cyber Resilience Division David Travers discussed the current water sector cyber risk environment, the importance of partnerships, and sector challenges and provided information on how stakeholders can improve their cybersecurity—including by taking advantage of the jointly developed Cybersecurity Toolkit for Water and Wastewater launched earlier this month.
Watch the full recording: CISA Live! – Boosting Water Sector Cybersecurity
CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) released the joint fact sheet Top Cyber Actions for Securing Water Systems. This fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:
- Reduce Exposure to the Public-Facing Internet
- Conduct Regular Cybersecurity Assessments
- Change Default Passwords Immediately
- Conduct an Inventory of Operational Technology/Information Technology Assets
- Develop and Exercise Cybersecurity Incident Response and Recovery Plans
- Backup OT/IT Systems
- Reduce Exposure to Vulnerabilities
- Conduct Cybersecurity Awareness Training
CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity.
Organizations can visit cisa.gov/water for additional sector tools, information, and resources.