This week, the Biden administration extended its voluntary cybersecurity initiative for essential control systems in the electricity sector and pipelines to facilities that supply water across the United States. This initiative asks that participating facilities adopt detection technologies that monitor for cyber threats. The policy does not require organizations to report attacks to the U.S. government, but strongly encourages them to do so. The water sector is believed to be an extremely vulnerable part of the U.S. infrastructure and several policy makers are pushing for mandatory reporting and stronger mandates. The Environmental Protection Agency, which oversees the water infrastructure, does not have the authority to mandate protections such as other infrastructure agencies.
The water industry became a focus of cybersecurity last year, after a former employee of a water treatment plant in Florida gained remote access to the plant’s computers and modified one of the chemical additives to dangerous levels. The incident was so alarming that the Federal Bureau of Investigation (FBI) sent out an alert that raises attention to three possible security issues that contributed to the plant’s security incident. The alert warned organizations about the use of poor passwords, out-of-date Windows 7 operating systems, and the use of desktop sharing software. The potential damage and danger that could have resulted was averted due to an attentive employee noticing the attacker had accessed the computer and quickly putting a stop to it. It is extremely important for all critical systems to be monitored 24 hours a day to recognize unusual and dangerous activity by any user account and to quickly investigate these activities. Binary Defense provides managed security services with 24/7 monitoring of systems by our Security Operations Task Force. It is also advised that once an operating system has reached its end-of-life, such as Windows 7, that it should be replaced with a newer and supported operating system as soon as possible.