Water Sector Cyber Threat Web Briefing – CyPhy Shouldn’t Be Science Fiction, Applying a Crown Jewel Analysis Can Help

On June 29, WaterISAC will convene its monthly Water Sector Cyber Threat Web Briefing. Presenters will cover the latest cyber threats facing the water and wastewater sector.

Recent high-profile incidents at water and wastewater utilities have aroused concerns about the sector’s cyber vulnerabilities and the potential for these to result in physical consequences. But they haven’t always accurately demonstrated where utilities are most vulnerable and where they should prioritize precious resources to address the greatest challenges. Take for example the incident at the Oldsmar, Florida water treatment plant in February 2021. While much was said about the potential for sodium hydroxide contamination, ensuing analysis revealed there was unlikely to have been any public health impact due to controls in place.

During the June Cyber Threat Web Briefing, Jeff Jones, Director of CyPhy Engineering & ICS at cybersecurity company GRIMM, will help utilities separate fact from fiction and describe how they can generate realistic attack scenarios through a “Crown Jewel Analysis.” Through this analysis, utilities define their critical processes and assets and examine how these could be compromised by known threat actor tactics, techniques, and procedures (TTPs). The task then becomes how to protect what matters most against the TTPs, such as through network segmentation, firewalls, DMZs, patching, etc. Going through a Crown Jewel Analysis will ensure your utility is prioritizing what really matters and avoiding the distractions of implausible scenarios and investments in potentially costly but ultimately unnecessary security solutions.

Open to all water and wastewater sector stakeholders.

Register any time. No need to cancel if you can’t attend.