CISA Highlights Water Sector Cyber Threats – “Target Rich, Cyber Poor”: Strengthening Our Nation’s Critical Infrastructure Sectors

In a recent blog post, Nitin Natarajan, Deputy Director at CISA, highlighted the threat to U.S. critical infrastructure by nation-state and cybercriminal organizations around the globe. The world has witnessed increasingly frequent attacks against small and medium sized businesses, including K-12 schools, water utilities, and healthcare organizations over the last several years. Natarajan notes that these specific sectors are at elevated risk as they are generally seen as highly profitable “target-rich, cyber poor” organizations.

CISA’s consistent efforts aim to bolster the cyber defenses of these organizations through a variety of free resources and support initiatives. For the water sector specifically, CISA has engaged extensively with industry partners, providing risk assessments, guidance, and facilitating cybersecurity exercises to enhance resilience against cyber threats. In 2023 alone, more than 1,700 engagements were conducted with water entities, reflecting a commitment to improving cybersecurity awareness and preparedness within the sector. Free resources for the water sector include:

• Water and Wastewater Cybersecurity webpage
• Water/Wastewater Systems CTEP
• Joint cyber hygiene fact sheet for water
• Fact Sheet: Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems
• CISA’s Free Cyber Vulnerability Scanning for Water Utilities

CISA underscores that protecting critical infrastructure, including the water sector, requires a collective effort from all organizations, regardless of size. It calls on entities to take advantage of available resources and collaborate with local CISA partners to safeguard against evolving cyber threats. Access the full blog post at CISA.

Additional Resource:

• The Role of Cybersecurity in Protecting Critical Infrastructure: Focus on Energy and Water Sectors