While the threat landscape is varied, the current ransomware scourge dominates the headlines and attack disclosures. From major gas and oil pipelines, food/meat processors, hospitals, schools, and countless city and municipal government entities – to include more than a few water and wastewater sector utilities – ransomware not only elevates the very real and present danger of cyber threats, but has been deemed a national security threat. Albeit, ransomware is not the only cyber threat facing our nation, efforts to protect our critical infrastructures against it go a long way toward overall cyber resiliency.
Protecting the critical infrastructure of the U.S. is a responsibility of all critical asset owners and operators. However, many utilities are smaller and lack resources (time, money, staff) to adequately protect their own assets, leaving them exposed to cyber attacks. The lack of resources often translates into a lack of action, as utilities are left asking what to do, how to do it, or where to start securing their systems. WaterISAC’s mission is to help water and wastewater utilities of all sizes improve their cybersecurity posture for the benefit of the entire sector and we want to help resource constrained utilities answer the what, how, and where of cybersecurity. To that end, we will be starting a new “Fundamentals First” Series that will highlight sections from our 15 Cybersecurity Fundamentals for Water and Wastewater Utilities by organizing them according to the ones that provide the most efficient risk reduction return on your time/money/staff investment. Members are encouraged to download and get acquainted with the 15 Cybersecurity Fundamentals for Water and Wastewater Utilities and follow along with our Fundamentals First Series starting soon. Spoiler alert: Get very familiar with #1 – Perform Asset Inventories.