New initiative to secure US water-systems against Cyberattacks

The United States under Biden’s command will initiate a new agenda to protect the country’s water sector against cyberattacks, which comes besides their security hardening protocols undertaken recently.

The federal government will extend Biden’s Industrial Control Systems(ICS) Cybersecurity Initiative that was launched last year which includes the natural gas pipelines and electric system. The program will support and encourage the US water-systems owners to enrich their security posture to stay safe from cyberattacks.

This is a 100 day process and will facilitate increasing the security layers of water sector and the threats detected will be shared with the federal entities for further investigation.

Cybersecurity in US water-systems

The Cyber Resilience in US water-systems is very negligible and it has to meet certain thresholds to withstand the threats today, said a Senior Biden Administration Official.

This effort strengthen the water sector is a combined act by CISA and Environmental Protection Agency. The US state intelligence has predicted increased ransomware attacks targeting the US water-systems, which is why this new process is being proposed.

In October, the CISA, FBI, NSA and EPA published a joint security advisory highlighting the increase in ransomware attacks and the states that are under the hacker’s radar. Considering the intruder breach on Florida-based water treatment facility altering the plant’s normal operations by modifying the sodium hydroxide level, the new security posture is a mandatory process to ensure the safety of water plants. If breached and compromised the effects could impact 300 million Americans across 150,000 public systems.

Since most of these US water-systems are autonomous and operate independently right from intake to distribution of the water, the process at each stage could be manipulated, modified or shutdown as per the hackers strategy, which is why the need for enhanced cybersecurity protocols is mandatory for the water plants and other water-based premises.

Attack on Colonial Pipeline creates the need for powerful ICS monitoring

The ransomware attack on Colonial Pipeline last year by the REvil ransomware group is a warning for the federal bodies to make appropriate security measures to ensure the safety of the organizations, while Colonial Pipeline was huge the one on JBS Foods where they need to pay around 11 million dollars to recover their data is devastating for the US and but motivating for attackers.

The 100 day initiative will be focused on US water-systems first as they server large American population and an attack on these entities could bring in massive consequences. The EPA will request US water-system operators to participate in this pilot program voluntarily to study the entire process and the resources required for the same.

Since CISA is responsible for taking care of the nation’s critical infrastructure, there is further clarity needed on whether the federal government will deploy the latest technology for cybersecurity via the existing programs or a new one. This digital threat monitoring is already employed by a few water plants and the EPA will reach out to those organizations for more data and analysis.

This new initiate will improve the understanding between water utilities and the US government and will share the critical security information among themselves to achieve better security posture overall. Unlike the Transportation Security Administration, the EPA lacks powers to enrich their security posture which is why this ICS monitoring will only enrich the country’s overall security posture, said the Biden Administration Officials.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.