DHS, federal agencies urge vigilance from infrastructure operators, facilities

The Department of Homeland Security (DHS) and other federal agencies continue to urge critical infrastructure operators to be vigilant against attacks following the death of Iranian General Qassem Soleimani in a U.S. airstrike on Jan. 2.

On Jan. 6, the DHS Cybersecurity and Infrastructure Security Agency (CISA) released two new resources focused on Iranian threats. The first was an alert titled Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad. It described previous Iranian cyber activity, recommended mitigation actions, and previously observed attack techniques. The second was a CISA Insights bulletin, which described potential physical and cyber threats from Iran. It included 15 recommended protective actions: nine addressed cyberattacks and six discussed physical attacks.

Then last week, CISA published another Insights bulletin – Enhancing Chemical Security During Heightened Geopolitical Tensions – which “urges facilities with chemicals of interest (COI)…to consider enhanced security measures to decrease the likelihood of a successful attack.” COI is the term for a list of more than 300 hazardous chemicals that, if misused, could cause harm to individuals, facilities or society in general, for example if they were stolen and converted into weapons.

COIs are tracked by DHS through its Chemical Facility Anti-Terrorism Standards (CFATS) program, which regulates facilities with holdings of COIs that are determined to be high-risk. Although water and wastewater utilities are exempted from the CFATS program, CISA encourages facilities not regulated by CFATS to also consider enhanced security measures.

The Insights bulletin notes that Iran has targeted a variety of industries and organizations in the past and recommends facilities adopt a state of heightened awareness, increase organizational vigilance, confirm the incident reporting process, and exercise an incident response plan/crisis management plan. The bulletin then provides specific actions for both physical and cyber protection, such as increasing roving patrols around chemical inventories and restricted areas and engaging in application whitelisting to ensure that only approved programs are running on networks.

Utilities should report any physical security incidents or threats to WaterISAC (analyst@waterisac.org or 866-H2O-ISAC), their local police department, and the FBI (via a local field office). Malicious cyber activity should be reported to WaterISAC as well as to the FBI (via a local field office or cywatch@fbi.gov) and CISA (CISAservicedesk@cisa.dhs.gov).

Source: AMWA
