WaterISAC is aware of several reports of threat actors leveraging multiple vulnerabilities to exploit unpatched systems in the water and wastewater sector. Members are encouraged to review and address the following vulnerability advisories and updates for products used within their environments.
There is still no shortage of ransomware posts this week. Here are a few of the more notables:
In April 2021, the Water Sector Coordinating Council conducted a survey of U.S. water and wastewater utilities to better understand the sector’s cybersecurity challenges and needs.
The responses demonstrate that many utilities are implementing cybersecurity best practices, but many others’ cybersecurity programs are incomplete.
Cybersecurity is difficult to quantify into metrics, just ask any CISO. Furthermore, after a cyber attack, CEOs need to be prepared for whatever questioning comes their way. A recent post by Proofpoint examines some possible media questions and looks at what information CISOs can provide to senior leadership to help ensure they are able to deliver solid answers. Conversely, the endeavor to honestly answer these questions should also result in a more prepared and resilient organization, as these aren’t just talking points, but validated and confirmed adherence to best practices.
The much anticipated Top 20 Secure PLC Coding Practices was released today. This list is reportedly the brain-child of water sector veteran Jake Brodsky and was presented during an S4x20 Conference session. According to Dale Peterson, as this initiative was too important to slip away, he made it an official S4 project to organize and recruit engineers who could create a quality list. The coding practices are intended to be used by automation engineers and technicians that program and maintain PLCs.
According to a report by the Wall Street Journal (WSJ), Luma Energy LLC, Puerto Rico’s main power provider experienced a distributed denial-of-service (DDoS) attack targeting its customer portal and new mobile application on Thursday. The attack occurred hours before a fire broke out at a substation in San Juan. The fire caused blackouts for hundreds of thousands of residents. According to Luma, the fire and the cyberattack haven’t been linked.
With all the ransomware activity in recent weeks, there is no shortage of developments and disclosures - from more ransomware groups claiming to call it quits to lesser discussed facets about ransomware negotiations. If you haven’t experienced a ransomware incident, it is prudent to keep up with current evolutions and considerations to potentially include with your ransomware response planning. Some of the more significant developments last week include:
A prior post, Aspiring to CIP Compliance for Water and Wastewater Utilities, included in the Security & Resilience Update for May 6, 2021, discussed the familiarity that many water and wastewater utilities have with NERC CIP and its benefits across all critical infrastructure.
In light of the current barrage of ransomware attacks, the following selections provide alternative (and agreeable) viewpoints and facts about ransomware and the fight we are all facing. From defenders, to policy makers, and cybersecurity advisors, we all have a role in combatting what has become a national security threat – and not compound the problem.
Some of the cybersecurity guidance – do this; don’t do that – may seem frustrating and even irritating to defenders at times. As organizations of all types and sizes are currently dealing with an unprecedented volume and frequency of ransomware attacks, much of “said” guidance is being repeated and amplified. Some pundits have rightfully chided that the guidance isn’t always helpful, practical, or even attainable for most organizations. However, perhaps one thing could arguably be an exception – asset management.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
