The Cybersecurity and Information Security Agency (CISA) has released a Request for Information (RFI) to inform the agency’s development of new critical infrastructure cyber incident reporting rules enacted by Congress earlier this year. Congress approved the Cyber Incident Reporting for Critical Infrastructure Act in March. The law directs CISA to develop rules requiring covered critical infrastructureRead More

Recently, the U.S. EPA’s Office of Water finalized a report describing how it plans to provide voluntary cybersecurity technical support to drinking water systems, the second of two cyber-related actions that were mandated by Congress last year as part of the Bipartisan Infrastructure Law. The infrastructure law first required EPA toRead More

Cyberattacks on industrial control systems/operational technology are more likely to have a credit and ESG impact than a corresponding attack on IT, Fitch Ratings says. Operational technology (OT) systems are vital production technologies that prioritize product or service availability and human safety and are often found in critical infrastructure environments.Read More

Under a bill approved by the House of Representatives, state, local, territorial and tribal governments would be able to receive training and information about “cybersecurity threat indicators and response actions” from the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security. According to an update fromRead More

In a hearing in early April, the American Water Works Association (AWWA) testified on the issue of cybersecurity before the House Committee on Homeland Security, asserting a new approach is needed that “sets minimum cybersecurity standards for all types of water systems.” The hearing was titled “Mobilizing our Cyber Defenses: Securing CriticalRead More

By Andrew Farr According to government officials, security experts and persistent media reports, all signs indicate that cybersecurity is an issue that is here to stay and puts U.S. infrastructure squarely in the crosshairs of hackers and foreign governments. Recently the issue has been heightened by the war in UkraineRead More

Amid Russia’s invasion of Ukraine and escalating concerns about potential cyberattacks, the Senate last week unanimously approved a package of cybersecurity legislation that includes provisions that would require certain critical infrastructure owners and operators to promptly report cyber intrusions to DHS. While water and wastewater systems are not specifically referenced in theRead More

By Charlie Moskowitz It has been another record-breaking year for cybersecurity incidents. According to Identity Theft Resource Center (ITRC) research, data breaches in just the first nine months of 2021 surpassed all breaches in 2020 by 17 percent. Many of these incidents have been met with a collective shrug fromRead More

In December, several water sector associations wrote to EPA Assistant Administrator for Water Radhika Fox to express concern and opposition to the agency’s plans to incorporate cybersecurity audits as part of utility sanitary surveys. The EPA proposal was included in its FY22 budget request to Congress and officials have beenRead More

Water technology company, Xylem Inc., and Dragos, Inc., a provider of cybersecurity solutions for industrial controls systems (ICS)/operational technology (OT) environments, are partnering to bring “best-in-class industrial cybersecurity” to critical infrastructure in the water sector.  The agreement will see Xylem and Dragos offering co-branded incident response and incident prevention servicesRead More