


US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

CISA, FBI and EPA document aims to help water and wastewater organizations improve their cyber resilience and incident response.


The US government on Thursday published new guidance aimed at helping organizations in the water and wastewater (WWS) sector improve their cyber resilience and incident response capabilities.

Released in response to an increased interest by financially and politically motivated threat actors in the United States’ WWS sector, the guide outlines how water utility owners and operators can interact with federal partners to prepare for, mitigate, and respond to incidents.

“The WWS sector has been impacted by various cyber events, including unauthorized access, and ransomware. Continued compromises or failures of the WWS sector could cause cascading impacts across critical infrastructure,” the US cybersecurity agency CISA says.

The Water and Wastewater Sector – Incident Response Guide (PDF), created by CISA, the FBI, and the Environmental Protection Agency (EPA), with assistance from federal agencies and WWS sector partners, details the federal roles, resources, and responsibilities involved throughout the incident response lifecycle.

To improve the water sector’s cybersecurity, the document establishes guidelines for incident reporting, details available resources, services, and no-cost training, helps organizations build a cybersecurity baseline, and encourages them to interact with their local cyber communities.

In some of the previous cyberattacks targeting WWS organizations, threat actors deployed ransomware and attempted to tamper with the normal operations of facilities. In others, state-sponsored hackers compromised devices used at utilities.

To improve the cybersecurity of critical infrastructure, the US government encourages WWS organizations to provide information on cyberattacks to federal partners such as CISA, FBI, EPA, the Office of the Director of National Intelligence (ODNI), and the DHS Office of Intelligence and Analysis (I&A).

Furthermore, they should implement and strengthen their incident response plans by ensuring that the process includes four stages: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.


According to the guidance, water facilities should start by building an incident response plan, raising the baseline, and engaging with the community. When detecting an incident, they should evaluate the impacted systems, validate the attack, report it, and analyze it together with federal partners, which can also aid in sharing information and mitigating the attack.

“At the conclusion of any cyber incident, it is important for all relevant partners to conduct a retrospective analysis of both the incident and how responders handled it. The summation of post-incident activities determines ‘lessons learned’,” the guidance reads.

According to CISA, WWS utilities should prioritize resources towards ensuring the normal operation of their water systems, and not towards cybersecurity. However, they are encouraged to participate in collective response efforts whenever possible, regardless of whether they have been the victims of an incident.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.

