CISA has announced the transition of its cyber incident reporting form to a new CISA Services Portal, aimed at enhancing the reporting process. WaterISAC joins CISA in reminding members of the importance of reporting incidents as it benefits not only their utility but the entire sector and wider community as a whole.   

The new incident reporting portal is designed to improve the process of reporting cyber incidents within a secure platform, including compatibility with login.gov credentials. It allows users to save and update reports, search and filter through reports, and share submitted reports with colleagues or clients for third-party reporting. Additionally, a new collaboration feature enables users to engage in informal discussions with CISA.

Reporting suspected or confirmed incidents is extremely valuable to the sector and, in many cases, national security. Reporting incidents helps WaterISAC and government agencies learn which threats utilities are facing. This, in turn, influences the development of knowledge and resources to prevent future compromises and to assist with recovery and response.

To guide incident reporters through the reporting process, CISA also released a voluntary cyber incident reporting resource. It helps entities understand “who” should report an incident, “why and when” they should report, as well as “what and how to report.”

The following includes incident reporting guidance WaterISAC has continued to share with the sector. We recommend members supplement this guidance with CISA’s new incident reporting portal:

• Report to CISA’s 24/7 Operations Center at Report@cisa.gov or (888) 282-0870 or your local FBI field office. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
• Water and Wastewater Systems Sector organizations are encouraged to contact the EPA Water Infrastructure and Cyber Resilience Division at watercyberta.gov to voluntarily provide situational awareness.

Members are also strongly encouraged to include WaterISAC in their incident reporting. You can report incidents or suspicious activity to WaterISAC in three ways:

1. By filing a confidential report at https://www.waterisac.org/report-incident
2. By emailing analyst@waterisac.org.
3. By calling our analyst desk at 866-H2O-ISAC.

For more details on CISA’s new incident reporting portal, visit CISA.