With water and wastewater sector contributions, the guide provides recommended actions and available resources throughout the cyber incident response lifecycle.
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Environmental Protection Agency (EPA) have published a guide. It seeks to assist owners and operators in the water and wastewater Systems (WWS) Sector with best practices for cyber incident response. The guide includes information about federal roles, resources and responsibilities for each stage of the response lifecycle. Technical expertise is not required to understand and use this guide.
The guide was developed with over 25 WWS Sector industry, nonprofit, and state/local government partners. This resource covers the four stages of the incident response lifecycle:
- Preparation: WWS Sector organizations should have an incident response plan, implement available services and resources to raise their cyber baseline, and engage with the WWS Sector cyber community.
- Detection and analysis: Accurate and timely reporting and rapid collective analysis are essential to understand a cyber incident’s full scope and impact. The guidance provides information on validating an incident, reporting levels, and available technical analysis and support.
- Containment, eradication, and recovery: While WWS Sector utilities are conducting their incident response plan, federal partners focus on coordinated messaging, information sharing, and remediation and mitigation assistance.
- Post-incident activities. Evidence retention, collected incident data, and lessons learned are the overarching elements for adequately analyzing the incident and how responders handled it.
Incident response guide to minimize impact
“Malicious cyber actors constantly threaten the Water and Wastewater Systems sector. This timely and actionable guidance reflects an outstanding partnership between industry, nonprofit, and government partners that came together with EPA, FBI and CISA to support this essential sector. We encourage every WWS entity to review this joint guide and implement its recommended actions,” said CISA Executive Assistant Director for Cybersecurity Eric Goldstein. “In the new year, CISA will continue to focus on taking every action possible to support ‘target-rich, cyber-poor’ entities like WWS utilities by providing actionable resources and encouraging all organizations to report cyber incidents. Our regional team members nationwide will continue to engage with WWS partners to provide access to CISA’s voluntary services, such as enrollment in our Vulnerability Scanning, and serve as a resource for continued improvement.”
“The Water and Wastewater Systems Sector is a vital part of our critical infrastructure, and the FBI will continue to combat cyber actors who threaten it,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “A key part of our cyber strategy is building strong partnerships and sharing threat information with the owners and operators of critical infrastructure before they are hit with an attack.”
“Cyber threats to the water sector represent a real and urgent risk to safe drinking water and wastewater services that our nation relies on. The incident response guide assists utilities with approaches for collaboration with federal entities on lowering cyber risk in our nation’s drinking water and wastewater systems,” said EPA Assistant Administrator for Water Radhika Fox. “EPA is committed to working with our federal, state, and water sector partners to increase the sector’s resilience and improve cyber-resilience practices.”
All WWS utilities are encouraged to use this incident response guide to augment their incident response planning and collaboration with federal partners and the WWS before, during, and following a cyber incident. Familiarity with this guide will better prepare WWS utilities to respond to—and recover from—a cyber incident.
For more information and resources, WWS utilities are encouraged to visit CISA’s Water and Wastewater Systems Cybersecurity webpage.
Partners that contributed to this guide include:
- American Water
- Association of State Drinking Water Administrators (ASDWA)
- Centre on Cyber and Technology Innovation (CCTI)
- City of Dover
- Cyber Readiness Institute (CRI)
- Department of Homeland Security’s Office of Intelligence and Analysis
- District of Columbia Water (DC Water)
- East Bay Municipal Utility District
- EMA Inc.
- International Society of Automation (ISA)
- Maine DHHS CDC Drinking Water Program
- New Jersey Cybersecurity & Communications Integration Cell (NJCCIC)
- Platte Canyon Water & Sanitation District
- San Francisco Public Utilities Commission (SFPUC)
- Schneider Electric
- Tetra Tech
- Trinity River Authority of Texas
- Water Environment Federation
- Water Information Sharing and Analysis Center (WaterISAC)
- West Yost Inc.
- Individuals from the American Water Works Association (AWWA)
CISA is the United States’ cyber defense agency and national coordinator for critical infrastructure security. It leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
- Why does clean data matter in construction?
- Protecting water from cyberattacks
- Cybersecurity firms inks deal with Water Corporation