Unveiling federal cyber guidance for water industry: stay secure

January 21, 2024
1 min read

TLDR:

  • U.S. water and wastewater organizations receive new cybersecurity guidance from government agencies.
  • The guidance covers incident preparation, identification, analysis, containment, recovery, and post-incident actions.

Organizations in the U.S. water and wastewater sector have been provided with new cybersecurity best practices guidance by the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the FBI. This guidance comes after a report from the Office of the Inspector General highlighted inadequate federal collaboration with the industry regarding cybersecurity threats.

The guidance, developed in collaboration with industry organizations and government entities, provides detailed information on cyber incident preparation, identification, analysis, containment, recovery, and post-incident actions. It also includes information on federal agencies that can assist in the event of a cyberattack. The aim is to enhance the industry’s defenses against cyber threats, as water and wastewater firms are commonly targeted but lack adequate cybersecurity measures.

CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein, stated that CISA’s regional team members will continue to engage with water and wastewater sector partners to offer voluntary services and serve as a resource for continuous improvement.

This new guidance is crucial for the water and wastewater sector as they face increasing cybersecurity threats. By providing industry-specific best practices, the guidance helps these organizations prepare, identify, and respond to cyber incidents effectively. It also highlights the importance of collaboration between federal agencies and the industry to ensure a coordinated and efficient response to cyberattacks.

Overall, this guidance is a significant step in strengthening the cybersecurity defenses of the water and wastewater industry. It not only provides organizations with practical guidance on how to handle cyber incidents but also emphasizes the importance of collaboration and continuous improvement in the face of evolving cyber threats.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and