2024-01-25
CISA Cybersecurity Incident Response Guidance for Water Sector
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a cyber incident response guide for the water and wastewater sector. The document establishes cyberincident reporting guidance for the water sector; identifies pertinent resources, services, and free training; and encourages utilities to establish a robust cybersecurity baseline and to become members of local cybersecurity communities.
Editor's Note
This guidance is not just about reporting, but also getting your ducks in a row ahead of time. You can engage CISA to evaluate your security posture, and make sure you're actively participating in your local cyber community, from industry specific ISAC, to professional organizations such as ISSA, ISACA and ISC2, there are lots of affordable ways to get connected with nearby expertise.

Lee Neely
Timely given recent cyber-attacks against water utility providers in Ireland, the UK, and US. While the guide is specific to the US water sector, with minimal ‘cut-n-paste’ it can be applied to every critical infrastructure sector, especially the incident response section.

Curtis Dukes
Special industry guidance should not be necessary except that this is an industry with many small scale operators and little security competence. They need an ISAC. In the absence of their own, operators might subscribe to the MS-ISAC.
