The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Environmental Protection Agency (EPA) recently published a guide to assist owners and operators in the Water and Wastewater Systems (WWS) sector with a roadmap to preparing for, detecting, and responding to a cyberattack.

The guide details real-life incidents like a Maine utility losing control of critical processes from a compromised SCADA system. Another incident at a California facility involved a ransomware attack that went undetected for a month. More recently, a Pennsylvania facility was hit by a ransomware attack that compromised one of their PLCs. It’s believed the devices were accessed by exploiting cybersecurity weaknesses, such as poor password security and exposure to the internet.

The guide covers the four stages of the incident response lifecycle, which we’ve summarized for you below.

1. Proactive Preparation

Build an Incident Response Plan: This document is critical and outlines your response and procedures for every stage of a cyberattack, ensuring quick and coordinated action.
Raise Your Cyber Baseline: Utilize readily available tools and resources to strengthen your cyber defenses, reducing your system’s vulnerability to attack.
Join the WWS Cyber Community: Collaboration is key. Sharing best practices and knowledge of threats helps everyone create a united front against cyberattacks.

2. Swift Detection and Analysis

Validate Malicious Cyber Incident: When determining whether or not to report an incident, first do your best to validate and confirm that you're experiencing a malicious cyber incident.
Accurate and Timely Reporting: The sooner you identify and report a cyber incident, the sooner you can contain any damage. It’s important that you understand what constitutes an incident and know the appropriate reporting channels.
Rapid Collective Analysis: As the guide states, the WWS is large and complex, and cybersecurity levels vary greatly. However, collective analysis helps to inform mitigation or remediation activities and helps partners determine if collective action is needed.

3. Effective Containment and Recovery

Execute Your Incident Response Plan:This is where your preparation pays off. If you do fall victim to a cyberattack, put your plan into action. Isolate the attack, minimize damage, and restore normal operations.
Federal Partner Support: CISA, the FBI, and the EPA stand ready to assist with remediation, mitigation, and coordinated messaging to ensure a unified response.
Local Partner Support: Rexel’s cybersecurity experts have the knowledge and skillset to help you develop a robust cybersecurity plan and can help if you need to recover from a cyberattack.

4. Learning From the Experience

Secure Evidence: Make sure you preserve all relevant data that is related to the attack. It could be a valuable resource during any future investigations and prosecutions.
Analyze Incident Data: If nothing else, a cyberattack can be a good learning experience. Use it to identify vulnerabilities and improve your defenses for future threats.
Share Lessons Learned: Share your insights and experience with others in the WWS community. The collective knowledge will strengthen the industry’s overall cybersecurity posture.

Partner with Rexel Today

By following the guidance outlined in the Incident Response Guide for the WWS, you can strengthen your cybersecurity defenses and protect the vital water and wastewater systems we rely on. If you need help or support securing your critical infrastructure, contact us today.

Adapted from: CISA, FBI and EPA Release Incident Response Guide for Water and Wastewater Systems Sector

ABOUT US

Rexel Automation Solutions is committed to helping our customers achieve their desired business outcomes by delivering best-in-class customer experience and support.

We specialize in industrial automation services, solutions, and products that transform your application and operational needs into fully realized solutions, delivering measurable results and profitability for your company.

LINKS

Beyond Leaks and Breaks: New Cybersecurity Guide for Water and Wastewater Systems Sector