CISA Continues to Urge Organizations to Immediately Implement Cybersecurity Measures to Protect Against Potential Threats

Created: Wednesday, January 19, 2022 - 11:34
Categories:
Cybersecurity, OT-ICS Security, Security Preparedness

Yesterday afternoon, the Cybersecurity and Infrastructure Security Agency (CISA) published a new CISA Insights urging organizations to immediately implement cybersecurity measures to protect against potential critical threats (CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats). This notice is in response to the recent cyber events against Ukrainian government entities, including website defacements and the destructive NotPetya-style WhisperGate wiper malware, and continues to emphasize the ongoing concern and importance of protecting critical infrastructure from direct or indiscriminate attacks due to increased geopolitical tensions.

What Actions are Recommended for Water and Wastewater Systems?

Water and wastewater utilities are strongly encouraged to proactively protect against these threats and continue following EPA, WaterISAC, and other federal partner guidance, advisories, and webinars regarding Russian state-sponsored cyber threats. Regardless of the suspected direct targeting of Ukrainian infrastructure, water and wastewater utilities (and other critical infrastructure partners) could experience indiscriminate attacks similar to what occurred in the 2017 NotPetya incident.

Members can access the joint EPA-WaterISAC webinars here: EPA-WaterISAC Webinar: Cybersecurity Recommendations in Consideration Russian State-Sponsored Cyber Operations Against U.S. Critical Infrastructure. Likewise, water and wastewater system owners and operators should review the CISA Insights and other previously published advisories on the WaterISAC portal (additional links below).

In addition to requiring strong/unique passwords and implementing multifactor authentication (MFA), other key actions for water and wastewater systems include the following:

  1. Identify Crisis Teams and Surge Support. Identify crisis teams and surge support for responding to an incident when there are gaps in organizational cybersecurity, such as overnight, weekends, and holidays. Likewise, teams should be familiar with incident response plans, including a resilience plan addressing how to operate if you lose access to or control of critical OT or IT systems – including the ability to sustain manual operations.
  2. Backup Data. Implement and test data backup procedures on both IT and OT networks and ensure copies of backups are isolated (stored offline) from the network.
  3. Network/Systems Awareness. Be alert for unusual behavior in operational technology (OT) or information technology (IT) systems, such as unexpected reboots of digital controllers and other OT hardware and software, and delays or disruptions in communication with field equipment or other OT devices. Likewise, it may be necessary to enhance logging to effectively investigate anomalous activity – including collecting more logs and increasing storage capacity and retention time.
  4. Address Known Exploited Vulnerabilities. This could include patching and/or additional controls such as network segmentation to protect vulnerable devices that cannot effectively be patched. CISA maintains a catalog of Known Exploited Vulnerabilities that utilities are encouraged to review to help prioritize identification and remediation of vulnerable systems within their environment.

Prior WaterISAC and EPA webinars and advisories

Additional Resources

WaterISAC Incident Reporting
WaterISAC encourages all utilities that have experienced malicious or suspicious activity to email [email protected], call 866-H2O-ISAC, or use the confidential online incident reporting form. Reporting to WaterISAC helps utilities and stakeholders stay aware of the threat environment of the sector.