The federal government is shining a light on the vulnerability of America’s water and wastewater (WWS) infrastructure. Last week, CISA, the FBI, and the EPA published new guidance designed to help companies in that sector improve their cybersecurity resilience. The Water and Wastewater Sector – Incident Response Guide outlines federal agencies’ roles, the utilities’ responsibilities, and the resources available to design stronger defenses.
The specific concern around water utilities is more than warranted. In late November, hackers took control of the water authority in Aliquippa, Pennsylvania, gaining access via an OT device exposed to the Internet. Armis released a report on Monday showing that cybersecurity attacks more than doubled in 2023, and utilities were the most at-risk industry, with attacks increasing over 200 percent. Cyberwarfare expanded in 2023 as well, with .cn and .ru domains contributing, on average, 30 percent of monthly attack attempts.
The new guide provides WWS organizations with a step-by-step framework for identifying and responding to cyber incidents. The framework has four phases: Preparation; Detection and Analysis; Containment, Eradication and Recovery; and Post-Incident Activity. I wonder how many organizations truly have the situational awareness necessary to evaluate their preparedness for attacks.
Organizations need the ability to see every device outside and inside their environments. This includes unmanaged IoT and OT devices, like the one that caused the Aliquippa breach. Are your assets interacting correctly with each other? Are they engaging in regular or abnormal behavior? Are they being patched regularly? In short – how do you know what to do to be less vulnerable today than you were yesterday?
I sometimes use the analogy of a person on Nextdoor reading about recent burglaries in their neighborhood. Their first thought would not be, ‘I need a response plan,’ but ‘What can I do right now to protect myself and my home better?’ They could purchase stronger locks, sign up with a security service, buy a front door camera, etc.
Last week’s WWS guide contains valuable information to help water utility operators improve their security. But attacks are accelerating, and it’s very hard to prepare for what you cannot see. Armis works with both public and private sector customers and partners to close the IT/OT visualization gap and provide situational awareness of every asset to protect our national infrastructure. We enable organizations to protect against cyberattacks by allowing them to see and secure everything – all IT, OT, IoT, virtual, cloud workloads, software, managed and unmanaged assets. Complete visibility and intelligence about your assets gives you the situational awareness needed for an effective and resilient cybersecurity framework.
Our customers benefit from a powerful, SaaS-based approach to asset management that enables them to stay on top of their inventory. They can quickly uncover and eliminate gaps and optimize their IT network security, keeping pace with escalating levels of cyberattacks. This approach ensures compliance with evolving regulations and industry standards. Armis threat visibility allows agencies to take a more holistic approach to security instead of a reactive posture focused on preventing the last known breach. We provide unique and actionable cyber intelligence that detects and addresses real-time threats across the growing government attack surface.