White House Announces Industrial Control Systems Water and Wastewater Sector Action Plan

In a continued effort to bolster national cybersecurity defenses and information-sharing, the Biden Administration introduced the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan on January 27th, 2022.

According to the White House statement, the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action (Water Sector Action) Plan is a collaborative effort between the federal government and the critical infrastructure community to facilitate the deployment of technologies and systems that provide cyber-related threat visibility, indicators, detections and warnings.

Developed collectively by the Water Sector Coordinating Council (WSCC), Environmental Protection Agency (EPA) and the Cybersecurity and Infrastructure Security Agency (CISA), the Water Sector Action Plan outlines surge actions that will take place over the next 100 days to improve the cybersecurity of the public and private water sector.

“Over the past year we’ve seen cyber threats affecting the critical infrastructure that underpins our communities and the services we all rely on, including safe and clean water,” said CISA Director Jen Easterly. “To reduce the likelihood and impact of damaging cybersecurity intrusions to the water sector, we’re teaming up with our EPA partners to provide guidance, technology, and direct support to the sector.”

The full Fact Sheet from the White House briefing room is available at www.whitehouse.gov/briefing-room/statements-releases/2022/01/27/fact-sheet-biden-harris-administration-expands-public-private-cybersecurity-partnership-to-water-sector/ and key points are outlined below:

  • Similar to electric and pipeline action plans, this plan will assist owners and operators with deploying technology that will monitor their systems and provide near real-time situational awareness and warnings. The plan will also allow for rapidly sharing relevant cybersecurity information with the government and other stakeholders, which will improve the sector’s ability to detect malicious activity.
  • EPA and CISA will work with water utilities and invite them to participate in a pilot program for ICS monitoring and information sharing. This pilot will demonstrate the value of such technology to the sector. The WSCC, CISA, and EPA will also collaborate to promote cybersecurity monitoring to the entire sector.
  • The plan will meet the particular requirements of this sector. This sector is made up of thousands of systems that range in size from the very small to ones that service major metropolitan cities that have little or no cybersecurity expertise and are unsure what steps they should take to address cyber risks. EPA and CISA will work with appropriate private sector partners to develop protocols for sharing information. The government will not select, endorse, or recommend any specific technology or provider.
  • The plan will initially focus on the utilities that serve the largest populations and have the highest consequence systems; however, it will lay the foundation for supporting enhanced ICS cybersecurity across water systems of all sizes.

The Water Sector Action Plan is an extension of the Industrial Control Systems Cybersecurity Initiative which was developed to help the federal government and critical infrastructure entities partner to provide transparency, indicators, detections and warnings for cyber-threats.

Related Articles

Related Links

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
SEC Charges SolarWinds and CISO Timothy Brown For Misleading Investors
Think Before You Click: Fake Browser Updates are Back in Style
Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
Protect Your Students, Faculty and Staff: 3 Common Cyber Attack Methods to Watch Out for in 2023
Single Audit Reporting Reminders
Protect Your Retail Business: 3 Common Cyber Attack Methods to Watch Out for in 2023
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Pittsburgh

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×