The plan is a collaborative effort between the federal government and the critical infrastructure community and aims to bolster the water sector’s cyber capabilities. In October last year, the Cybersecurity and Infrastructure Security Agency (CISA) warned about cyber attempts to compromise the integrity of the US water systems.
US to Extend Critical Infrastructure Protection Initiative to the Water Sector
The water sector often lacks the funds and the personnel to respond to hacking threats. The plan will come under the US’ Industrial Control System (ICS) Cybersecurity Initiative. This is a public-private cybersecurity partnership that aims to protect critical infrastructure organizations. It was developed in light of growing attacks on these sectors, such as the Colonial Pipeline hack. Currently, there are ICS initiatives in place for the electric and natural gas pipeline sub-sectors. The Biden-Harris Administration worked closely with three federal agencies to develop the Water Sector Action Plan. The agencies involved are:
Environmental Protection Agency (EPA), CISA, and Water Sector Coordinating Council (WSCC).
In October last year, the CISA warned about cyber attempts to compromise the integrity of the US water systems.
Key Highlights of the Water Sector Action Plan
The plan aims to provide the water sector with the necessary technologies and systems to provide cyber-related capabilities. These include threat visibility, indicators, and warnings. The plan will provide assistance to owners and operators of water supply facilities to help detect harmful activity. It will assist with deploying technology to monitor their security systems, and give “near real-time situational awareness and warnings”. It will also allow organizations to rapidly share any relevant information with government agencies. To kickstart the plan, EPA and CISA will run a pilot program with water utilities on ICS monitoring and information sharing. This will display the value of the new technologies to the water sector. Furthermore, CISA, EPA, and WSCC will work together to “promote cybersecurity monitoring to the entire sector.” The US water sector comprises thousands of systems along a broad spectrum of varying sizes, i.e., they go from very small to systems that service large metropolitan settlements. Worryingly, systems across this spectrum have very little or no cybersecurity expertise and are not prepared to address cyber risks. To address this, EPA and CISA will collaborate with the right partners in the private sector and develop information-sharing protocols. The press release states that the government will be unbiased in choosing technologies and providers. Initially, the plan will focus on water utilities that serve the largest populations. At the same time, it will “lay the foundation for supporting enhanced ICS cybersecurity across water systems of all sizes.”
