“`html
TLDR:
- NIST published a draft OT cybersecurity guide for the water sector focusing on securing operational technology.
- The guide addresses the need for cybersecurity solutions for water utilities despite remote connection ports.
NIST has released a draft reference guide aimed at securing water and wastewater utilities from emerging cyberthreats. The guide focuses on the secure authorization of remote access to operational technology systems despite the presence of remote connection ports. This is in response to a growing concern for the security of water systems following cyberattacks on municipal water authorities, such as the incident in Aliquippa, Pennsylvania. The guide proposes solutions for a variety of water systems, including cloud-based remote access solutions applicable to systems of all sizes.
The project explores the implementation of commercially available products to mitigate cybersecurity risks. It includes recommendations for asset management, data integrity, network segmentation capabilities, and remote access to OT assets from outside the OT environment. The draft guide addresses critical cybersecurity concerns for water and wastewater utilities, such as incomplete inventories of OT equipment and software, data integrity issues, and network segmentation to prevent unauthorized access to sensitive systems.
NIST is seeking feedback on the guide until July 15, as the Environmental Protection Agency has warned of increased cyberattacks on the water and wastewater sectors. The guide is a response to the need for best practices, guidance, and solutions to ensure that the cybersecurity posture of water facilities is safeguarded from malicious actors.
“`