The National Rural Water Association is encouraging water and wastewater utilities of all sizes to tighten cyber security.
Both water and wastewater systems are considered National Critical Functions or a lifeline and therefore a necessity to all. A security breach could cause issues ranging from economic to public health.
The Cybersecurity and Infrastructure Security Agency (WaterISAC) is focused on the effect of large water system outages but the association warns that a cyber-attack at a smaller system can be just as damaging to the people and economy in those communities.
The agency lists 15 tips for water utilities to tighten cyber security.
WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities says these should be implemented by all, as long as they apply:
1. Perform Asset Inventories
2. Assess Risks
3. Minimize Control System Exposure
4. Enforce User Access Controls
5. Safeguard from Unauthorized Physical Access
6. Install Independent Cyber-Physical Safety Systems
7. Embrace Vulnerability Management
8. Create a Cybersecurity Culture
9. Develop and Enforce Cybersecurity Policies and Procedures
10. Implement Threat Detection and Monitoring
11. Plan for Incidents, Emergencies, and Disasters
12. Tackle Insider Threats
13. Secure the Supply Chain
14. Address All Smart Devices
15. Participate in Information Sharing and Collaboration Communities