In response to “multiple” cyber threat vectors, the Biden administration will require governors in all 50 states to submit cybersecurity plans to protect their local water and wastewater facilities within 90 days (approximately July 1, 2024). requested that it be created. In a two-page letter sent Thursday, March 28, 2024, Ann Neuberger, the Vice President's National Security Advisor for Cyber and Emerging Technologies, asked governors to protect water and wastewater treatment facilities. It called for an “action plan” to be developed to reduce critical cyber vulnerabilities, saying: Many systems still “suffer from gaps in cybersecurity practices.”
The White House is particularly concerned about cyberattacks linked to Iran after the Israeli-made Unitronics industrial control system used in U.S. water and wastewater facilities was hacked in the wake of the Gaza war. In late November 2023, the communities of Aliquippa, Pennsylvania and the North Texas Municipal Water District, among others, suffered attacks on their control and business systems.
In a separate letter dated March 21, 2024, White House National Security Adviser Jake Sullivan and Environmental Protection Agency Administrator Michael Regan made essentially the same request to countries: We asked them to share their cybersecurity plans by May 20, 2024. It is unclear whether the latest request will replace the NSA. /EPA request, or if it's free in some way. In any case, water and wastewater utilities have another opportunity to consult with their respective states' chief cyber officers about what cybersecurity measures and mitigation strategies make the most sense. Businesses have an obligation to start that discussion now. The White House could issue orders by May 20, 2024 or late June 2024 that carriers find objectionable.
In light of these developments, organizations should consider proactive measures such as:
- To effectively mitigate and respond to cyber threats, we assess risks, implement robust security measures, develop detailed incident response strategies, ensure cyber insurance coverage, conduct regular employee training, and comply with regulatory standards. Develop a comprehensive cyber preparedness plan that includes steps such as ensuring compliance. .
- Consider taking available funding from federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) to strengthen your cybersecurity defenses.
- Thoroughly research your cyber insurance policy to ensure your insurance program adequately covers potential risks. This includes evaluating business interruption loss coverage and any exclusions or limitations that could impair coverage in the event of a state-sponsored cyberattack.
our california water views We also discuss this issue in detail on our blog. Read the post “White House issues dire warning about cyberattacks on drinking water supplies and wastewater systems.”
