CISA, EPA, and FBI Release Updated Fact Sheet on Top Cyber Actions for Securing Water Systems

This week, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) updated the joint fact sheet Top Cyber Actions for Securing Water Systems. This update includes additional resources—from the American Water Works Association (AWWA), the WaterISAC, and MS-ISAC—to support water systems in defending against malicious cyber activity.

The fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to protect water systems from malicious cyber activity, focusing on eight actions that can be implemented concurrently:

• Reduce Exposure to the Public-Facing Internet
• Conduct Regular Cybersecurity Assessments
• Change Default Passwords Immediately
• Conduct an Inventory of Operational Technology/Information Technology Assets
• Develop and Exercise Cybersecurity Incident Response and Recovery Plans
• Backup OT/IT Systems
• Reduce Exposure to Vulnerabilities
• Conduct Cybersecurity Awareness Training

ASDWA encourages its members to review and incorporate the fact sheet into their cybersecurity outreach and communications with PWSs. For more information and additional resources, visit cisa.gov/water.