The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and Environmental Protection Agency (EPA) published Jan. 18 a guide to assist owners and operators in the water and wastewater systems (WWS) sector with best practices for cybersecurity incident response and information about federal roles, resources and responsibilities for each stage of the response lifecycle. Developed in collaboration with more than 25 WWS industry, nonprofit and state/local government partners, “Incident response guide: water and wastewater sector” doesn’t require technical expertise to understand and use it.
The guide covers the four stages of the incident-response lifecycle:
• Preparation—WWS organizations should have an incident response plan in place, implement available services and resources to raise their cybersecurity baseline, and engage with the sector’s cybersecurity community.
• Detection and analysis—Accurate and timely reporting and rapid collective analysis are essential to understand the full scope and impact of a cybersecurity incident. The guide provides information on validating an incident, reporting levels, and available technical analysis and support.
• Containment, eradication and recovery—While WWS utilities conduct their incident response plans, their federal partners focus on coordinated messaging and information sharing, and remediation and mitigation assistance.
• Post-incident activities—Evidence retention, using collected incident data, and lessons learned are the overarching elements for a proper analysis of the incident and how responders handled it.
“Water and wastewater systems are under constant threat from malicious cyber-actors. This timely and actionable guidance reflects an outstanding partnership between industry, nonprofit, and government partners that came together with EPA, FBI and CISA to support this essential sector,” says Eric Goldstein, executive assistant director for cybersecurity at CISA. “We encourage every WWS entity to review this joint guide and implement its recommended actions.
“In the new year, CISA will continue supporting ‘target-rich, cyber-poor’ entities like WWS utilities by providing actionable resources, and encouraging all organizations to report cyber incidents. Our regional team members across the country will continue engaging with WWS partners to provide access to CISA’s voluntary services, such as enrollment in our vulnerability scanning program, and serve as a resource for continued improvement.”