Connect with us

Hi, what are you looking for?



CISA Offering Free Vulnerability Scanning Service to Water Utilities

CISA is offering a free vulnerability scanning service to water utilities to help them protect drinking water and wastewater systems against cyberattacks.

Free vulnerability scanning for water utilities

The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced a new vulnerability scanning service designed to help water utilities identify and address security holes that could expose their systems to remote attacks.

Water utilities can subscribe to this service for free by sending an email to CISA. The scanning begins within 10 days of the necessary paperwork being done.

The free vulnerability scanning service for water utilities covers both drinking water and wastewater systems. It leverages automated tools to identify internet-exposed assets and discover vulnerabilities in those assets, including newly emerged vulnerabilities, known exploited flaws, and common attack vectors. 

Organizations using the service are provided weekly reports with the results of the scan and recommendations for mitigating vulnerabilities. In the case of urgent findings, organizations receive alerts within 24 hours and the target is rescanned every 12 hours.

According to CISA, the benefits of the scanning service include a significant reduction in vulnerabilities in the first few months for newly enrolled organizations. 

“CISA’s scanning provides an external, non-intrusive review of internet-accessible systems. The scanning does not reach your private network and cannot make any changes.” CISA explained in a fact sheet.  

Cyberattacks aimed at the water sector are not uncommon and there have been confirmed reports of attacks impacting industrial control systems (ICS) at water facilities. 

Advertisement. Scroll to continue reading.

A recently proposed bipartisan bill proposes to increase cybersecurity funding for rural water systems by $7.5 million dollars per year. 

Related: Former Contractor Employee Charged for Hacking California Water Treatment Facility

Related: EPA Mandates States Report on Cyber Threats to Water Systems

Related: Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.