As cyber attacks continue suppressing critical infrastructure sectors like water and wastewater systems, implementing proper cybersecurity practices is becoming more vital in protecting against highly disruptive cybersecurity incidents. According to the Environmental Protection Agency (EPA), these threats on process control systems have the capacity to upset treatment/conveyance processes, steal customer personal data and credit card information from the billing system, and install ransomware to disable all control systems. Compromised water and wastewater facilities then face faltering levels of customer confidence along with financial and legal liabilities. In response, the EPA has taken steps to implement new cybersecurity rules for water sector agencies.

The EPA’s New Cybersecurity Policy

The Environmental Protection Agency recently announced that the sanitary survey reviews conducted at water facilities will be extended to include cybersecurity. Anne Neuberger, the deputy national security adviser for cyber and emerging tech, made the announcement, stressing the efficacy of public-private partnerships and the current missing elements in U.S. critical infrastructure. She states that the Australian legislation for cybersecurity follows a model that should be emulated by the U.S. The framework of the Australian Security of Infrastructure Act implements a cybersecurity standard to improve the transparency and operational control of Australian infrastructure, facilitates collaboration between government, regulators, and operators of infrastructure, and provides a means to respond to cybersecurity threats.

Anne stresses the importance of protecting critical infrastructure, stating that “When we drive a car, the car comes with the seatbelt, comes with airbags. It comes with standards for what’s the speed you can drive on the road. And what happens if there’s a major accident? We need the same with cyber.”

What the EPA Recommends

The Environmental Protection Agency also currently recommends implementing a cybersecurity program to remove any possible vulnerabilities that these attacks could exploit. You can check out the EPA’s cybersecurity resources page for the water sector on their website. Some precautions they recommend include ensuring that all IT systems have up-to-date security patches, separating network and control access based on job functions, and developing a contingency recovery plan for any critical systems.

Alvaka also recommends applying key mitigations to increase your cyber resilience in the following blog, Reduce the Risk of Ransomware & Other Cyber Attacks.

Click HERE to more about our Ransomware Prevention and Recovery Services! We are available 24×7 to assist you with any of your ransomware needs.

Latest Ransomware Related Blogs

Ransomware impact on customer trust. lose-up of hands on a laptop keyboard with glowing code and digital particles floating around, giving a high-tech, programming or hacking impression.
Cloud ransomware vulnerability assessment. A hand holds a smartphone above an open laptop. On the laptop screen is a vivid red warning symbol with an exclamation mark inside a triangle, along with icons for email and settings. White arrows labeled "IN" and "OUT" point between the phone and laptop, suggesting a file upload or data transfer in progress. The scene conveys a cyberattack, security breach, or phishing warning.
Ransomware risk management framework. A professional wearing a blue shirt is interacting with a virtual, transparent interface emerging from their laptop. They use a stylus pen, suggesting precise control. Floating around their hands are various icons symbolizing technology, including cloud services, data analytics, global connectivity, finance or banking, and artificial intelligence. The image conveys the themes of digital transformation, data analysis, and secure management through technology.
Ransomware preparedness audits. A person dressed professionally is sitting at a laptop, typing on the keyboard. Around the laptop, there are virtual icons floating in the air, labeled with things such as problem-solving (a lightbulb icon), decision-making (gear icons with check and cross marks), and risk assessment (represented by a notepad icon). This image highlights a person engaged in analytical or cybersecurity-related work, emphasizing thoughtful decision-making.
ransomware resources
Contact Alvaka