The Cybersecurity & Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) updated the joint fact sheet Top Cyber Actions for Securing Water Systems. This update includes additional resources—from American Water Works Association, the WaterISAC, and MS-ISAC—to support water systems in defending against malicious cyber activity. For every recommended action item, the fact sheet provides links to free resources.
The fact sheet outlines practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:
- Reduce Exposure to the Public-Facing Internet
- Conduct Regular Cybersecurity Assessments
- Change Default Passwords Immediately
- Conduct an Inventory of Operational Technology (OT)/Information Technology (IT) Assets
- Develop and Exercise Cybersecurity Incident Response and Recovery Plans
- Backup OT/IT Systems
- Reduce Exposure to Vulnerabilities
- Conduct Cybersecurity Awareness Training
CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity. Organizations can visit cisa.gov/water for additional sector tools, information, and resources.
If you require additional support for implementing any of these actions, contact EPA’s Technical Assistance Program for the Water Sector and/or your regional CISA cybersecurity advisor for assistance.