Cybersecurity Best Practices: How Water Labs Can Protect Themselves
As ransomware attacks threaten computers and operations across the world, water sector officials are looking for ways to support and strengthen their cybersecurity systems. In fact, the U.S. Department of Homeland Security and the Federal Bureau of Investigation found that the Russian government is targeting the water sector and other infrastructure sectors for security attacks.
In a June 2021 Water Sector Security Coordinating Council survey, 41.25% of respondents said they needed more threat information. Of those 606 survey responses, 26.72% admitted that they perform cybersecurity risk assessments less than once per year.
By following certain best practices, you can significantly improve your system defenses against security attacks.
Areas of Security to Consider
The first step to better cyber protection is knowing the specific areas in which your data and systems could be breached. Make sure to do the following:
- Keep an inventory of control system devices and ensure this equipment is protected from networks outside the utility. Never allow a machine on the control network to "speak" directly to a machine on the business network or the internet.
- Allocate IT assets, data, and personnel into groups and apply firewalls to them.
- Confirm that you have a secure method, like a virtual private network, if remote access is used.
- Use strong passwords, and set different passwords for different accounts.
- Monitor for and apply IT system patches and updates.
- Enable rapid detection of a breach or vulnerability in your security technology and implement an incident response plan.
For more on these and other areas at stake, consult the Environmental Protection Agency (EPA)'s Water Sector Cybersecurity Brief for States.
Tips for Securing Your Water Lab
If you're worried about where to begin, start with a worksheet that lists steps to improve your water lab security.
The steps can look like this:
- Audit IT systems to locate vulnerabilities.
- Make a list of the top risks and how to address them.
- Verify that IT systems have current anti-virus and anti-malware software.
- Install security patches every month on all IT systems.
- Institute secure policies for mobile devices.
- Administer training for utility staff and contractors.
- Set up system redundancies to limit service outages.
- Develop an emergency recovery plan for vital IT systems.
To find additional information, consult the EPA's best practices for cybersecurity.
Responding to a Suspected Threat
If you suspect that a cyber incident has occurred at your water or wastewater utility, make sure to follow these steps:
- Detach compromised computers from the network. Leave systems in operation, and don't reboot.
- Assess the range of the breach and seclude all affected IT systems.
- Begin a service order with your anti-virus software or security service vendor.
- Evaluate any damage, including threats to treatment operations or service disruptions.
You should also involve regulatory and enforcement offices. Keep a list of emergency contacts, and do the following:
- Report the breach or incident to local law enforcement and the state.
- Reach out to the DHS Cybersecurity and Infrastructure Security Agency, which can assist you in improving security.
- Send an incident report through WaterISAC, the security network of the water and wastewater sector.
One of the most important actions you can take is to meet with your employees and contractors to thank them for their work in maintaining security. Focus on the protective strategies that will help you stay ahead of any problems and turn incidents into advancement opportunities. You can also add best practices to your annual goal-setting to align with your company's strategies and objectives.