CISA, EPA release cyber incident response guide for water sector

Jan. 24, 2024
The Water and Wastewater Sector Incident Response Guide provides best practices for cyber incident response and lays out information about each stage of the response lifecycle.

The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has published a cyber incident response guide for water and wastewater systems.

The Water and Wastewater Sector Incident Response Guide was developed in collaboration with the Federal Bureau of Investigation (FBI), U.S. EPA, and over 25 water and wastewater sector partners. It provides best practices for cyber incident response and information about federal roles, resources, and responsibilities for each stage of the response lifecycle.

Technical expertise is not required to understand and use the guide. It covers the incident response lifecycle in four stages:

  • Preparation: Water and wastewater organizations should have an incident response plan in place, implement available services and resources to raise their cyber baseline and engage with the sector's cyber community.
  • Detection and analysis: Accurate and timely reporting and rapid collective analysis are essential to understand the full scope and impact of a cyber incident. The guidance provides information on validating an incident, reporting levels, and available technical analysis and support.
  • Containment, eradication, and recovery: While utilities are conducting their incident response plan, federal partners are focusing on coordinated messaging and information sharing, and remediation and mitigation assistance.
  • Post-incident activities: Evidence retention, using collected incident data, and lessons learned are the overarching elements for a proper analysis of both the incident and how responders handled it.

“The Water and Wastewater Systems sector is under constant threat from malicious cyber actors,” said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity. “This timely and actionable guidance reflects an outstanding partnership between industry, nonprofit, and government partners that came together with EPA, FBI and CISA to support this essential sector. We encourage every WWS entity to review this joint guide and implement its recommended actions.”

“The Water and Wastewater Systems Sector is a vital part of our critical infrastructure, and the FBI will continue to combat cyber actors who threaten it,” said Assistant Director Bryan Vorndran of the FBI’s Cyber Division. “A key part of our cyber strategy is building strong partnerships and sharing threat information with the owners and operators of critical infrastructure before they are hit with an attack.”

CISA encourages all water and wastewater utilities to use this incident response guide to augment their response planning before, during and after a cyber incident. Familiarity with this guide will better prepare utilities to respond to — and recover from — a cyber incident.

“Cyber threats to the water sector represent a real and urgent risk to safe drinking water and wastewater services that our nation relies on,” said EPA Assistant Administrator for Water, Radhika Fox. “The incident response guide assists utilities with approaches for collaboration with federal entities on lowering cyber risk in our nation’s drinking water and wastewater systems.”

More information and resources are available at CISA’s Water and Wastewater Systems Cybersecurity webpage.

CISA stated that the partners that contributed to this guide include:

  • AlexRenew
  • American Water
  • Association of State Drinking Water Administrators (ASDWA)
  • Center on Cyber and Technology Innovation (CCTI)
  • City of Dover
  • Cyber Readiness Institute (CRI)
  • Department of Homeland Security’s Office of Intelligence and Analysis
  • District of Columbia Water (DC Water)
  • Dragos
  • East Bay Municipal Utility District
  • EMA Inc.
  • Google/Mandiant
  • International Society of Automation (ISA)
  • Maine DHHS CDC Drinking Water Program
  • Microsoft
  • New Jersey Cybersecurity & Communications Integration Cell (NJCCIC)
  • Platte Canyon Water & Sanitation District
  • San Francisco Public Utilities Commission (SFPUC)
  • Schneider Electric
  • Tenable
  • Tetra Tech
  • Trinity River Authority of Texas
  • Water Environment Federation
  • Water Information Sharing and Analysis Center (WaterISAC)
  • West Yost Inc.
  • Xylem
  • Individuals from American Water Works Association (AWWA)