At RSA Conference 2020 last week, Christopher Krebs, director of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said, “I think we’re on the verge of a national crisis when it comes to ransomware.” Krebs also spoke of his agency’s role in helping to prevent the pending crisis, noting that CISA strives to serve as the “nation’s risk advisor” and plans to continue to offer training for operators of critical infrastructure. To help demonstrate the need for these services, he used the water and wastewater sector as an example, stating, “When you’re talking about 30,000 local water systems around the country, finding affordable cyber-talent becomes a big job.” Joe Weiss, an OT cybersecurity expert who WaterISAC cites frequently, was present for Krebs’ talk and offered some comments about areas in which he believes critical infrastructure sectors that use OT are challenged: operators’ expertise and the secure design of equipment. “There are almost no cybersecurity policy organizations that have VPs of power production, power delivery, and so on involved,” he said. “You won’t find many from the actual engineering side of the world, and that means things are totally broken. There is zero cyber or authentication focus when it comes to anything that we measure – voltage, water pressure, and so on. Actual control systems devices that people build – pumps, motors, valves, relays and so on – thus have persistent design vulnerabilities.” Read the article at Threatpost.