CISA, FBI, EPA issue response guidance for cyber incidents

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.S. Environmental Protection Agency (EPA) published a guide in January to assist water and wastewater owners and operators in cyber incident response.

The guidance also provides information about federal roles, resources and responsibilities for each stage of the response lifecycle. Technical expertise is not required to understand and use the guide.   

RELATED — EPA pulls back cybersecurity rule

Developed in collaboration with more than 25 water/wastewater sector, nonprofit and state/local government partners, the guidance covers the four stages of the incident response lifecycle:  

  1. Preparation. Sector organizations should have an incident response plan in place, implement available services and resources to raise their cyber baseline, and engage with the WWS Sector cyber community. 
  2. Detection and analysis. Accurate and timely reporting and rapid collective analysis are essential to understand the full scope and impact of a cyber incident. The guidance provides information on validating an incident, reporting levels, and available technical analysis and support.   
  3. Containment, eradication and recovery. While water/wastewater utilities are conducting their incident response plan, federal partners are focusing on coordinated messaging and information sharing, and remediation and mitigation assistance.  
  4. Post-incident activities. Evidence retention, using collected incident data, and lessons learned are the overarching elements for a proper analysis of both the incident and how responders handled it.  

“The water and wastewater systems sector is under constant threat from malicious cyber actors. This timely and actionable guidance reflects an outstanding partnership between industry, nonprofit, and government partners that came together with EPA, FBI and CISA to support this essential sector. We encourage every [water and wastewater systems] entity to review this joint guide and implement its recommended actions,” said CISA Executive Assistant Director for Cybersecurity, Eric Goldstein.

“The Water and Wastewater Systems Sector is a vital part of our critical infrastructure, and the FBI will continue to combat cyber actors who threaten it,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “A key part of our cyber strategy is building strong partnerships and sharing threat information with the owners and operators of critical infrastructure before they are hit with an attack.”   

“Cyber threats to the water sector represent a real and urgent risk to safe drinking water and wastewater services that our nation relies on. The incident response guide assists utilities with approaches for collaboration with federal entities on lowering cyber risk in our nation’s drinking water and wastewater systems,” said EPA Assistant Administrator for Water Radhika Fox. “EPA is committed to working with our federal, state, and water sector partners to increase the sector’s resilience and improve cyber-resilience practices.” 

All water and wastewater utilities are encouraged to use the incident response guide to augment their incident response planning and collaboration with federal partners and the water and wastewater systems before, during and following a cyber incident.

For more info and resources, utilities are encouraged to visit CISA’s Water and Wastewater Systems Cybersecurity webpage.  

Leave a Reply

Your email address will not be published. Required fields are marked *