The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has launched a program to provide free security scans for critical infrastructure facilities, particularly water utilities, in a bid to bolster their defenses against potential cyberattacks.
Developed in collaboration with key entities like the Environmental Protection Agency (EPA), Water Sector Coordinating Council (WSCC), and the Association of State Drinking Water Administrators (ASDWA), this initiative invites operators of drinking water and wastewater systems to participate. The program’s goal is to enhance security by identifying vulnerabilities and misconfigurations in publicly exposed devices through specialized scanners run by CISA agents. CISA then delivers regular reports and recommendations to address these issues.
The scanning program focuses on externally assessing networks for vulnerabilities originating from publicly facing devices, aiming to minimize the risk of cyberattacks on these essential utilities. It offers a no-cost vulnerability scanning service subscription to help drinking water and wastewater systems identify and rectify vulnerabilities. The scanning process includes identifying internet-exposed endpoints and uncovering known hacker-exploited vulnerabilities or misconfigurations.
Subsequent scans track the progress of water utilities in mitigating previously identified problems, with quick response times for critical flaws and actively exploited vulnerabilities.
CISA emphasizes that its automated scanners do not access private networks or make any changes, ensuring no data exposure for stakeholders. To enroll in the program, interested utilities can contact vulnerability@cisa.dhs.gov, providing their utility’s name and address.
Recent security breaches in water treatment facilities have underscored the need for robust security measures, making this program a vital step toward safeguarding these systems.
As ransomware attacks on public utilities rise, securing water utilities is not just a public health priority but also a critical aspect of national security.
