Security News > 2024 > February > US govt shares cyberattack defense tips for water utilities
CISA, the FBI, and the Environmental Protection Agency shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks.
The fact sheet they published today outlines the top eight actions U.S. Water and Wastewater Systems sector organizations can take to reduce cyberattack risks and boost their resilience against malicious activity.
Since the start of the year, several water treatment companies have been breached in ransomware attacks that forced them to shut down systems to contain the breaches, including Veolia North America and the U.K.'s Southern Water.
In September, the U.S. cybersecurity agency also released a free security scan program to help critical infrastructure facilities like water utilities detect security gaps and secure systems from cyberattacks.
In November, CISA warned that hackers infiltrated a Pennsylvania water facility by exploiting vulnerable Unitronics programmable logic controllers, although potable water safety for local communities remained uncompromised.
These ransomware attacks impacted a South Houston wastewater treatment plan in 2011, a water company with outdated software and hardware equipment in 2016, the Southern California Camrosa Water District in August 2020, and a Pennsylvania water system in May 2021.
News URL
Related news
- US Defense Dept received 50,000 vulnerability reports since 2016 (source)
- US critical infrastructure cyberattack reporting rules inch closer to reality (source)
- Kremlin's Sandworm blamed for cyberattacks on US, European water utilities (source)
- US govt sanctions Iranians linked to government cyberattacks (source)