CISA announces free security scans for public water utilities

The U.S. Cybersecurity and Infrastructure Security Agency hopes to slash the number of vulnerabilities at critical infrastructure facilities.

The U.S. Cybersecurity and Infrastructure Security Agency is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect them from cyberattacks.

The midweek announcement comes as water treatment facilities across the country have suffered from rising security threats over the past two years, including a recent attempt to compromise the safety and protection systems of the water treatment facility in Discovery Bay, California, by a former employee of one of the plant’s vendors.

In 2021, CISA and other agencies, including the FBI, Environmental Protection Agency and National Security Agency, issued a joint advisory report documenting the ongoing cybersecurity vulnerabilities in water systems nationwide, which “threaten their ability to provide potable water and effectively manage their wastewater.”

Drinking water and wastewater systems often offer public-facing applications that can be vulnerable to attack, potentially disrupting or halting operations.

CISA agents run specialized scanners to identify a facility’s vulnerabilities and weak configurations in internet-exposed endpoints, which are commonly used for initial access by threat actors and some ransomware groups.

Depending on the severity of flaws and vulnerabilities found, reports are generated within one to six days. The federal agency sends weekly reports with recommendations, while further scans determine if the water utilities have taken the steps to solve previously disclosed issues.

CISA’s new no-cost scanning program was co-developed with the EPA, the Water Sector Coordinating Council and the Association of State Drinking Water Administrators. CISA encouraged all drinking water and wastewater system operators to enroll in the service.

In the announcement, CISA said it aims to significantly reduce identified vulnerabilities in the first few months of security scans.

Written by Sophia Fox-Sowell

Sophia Fox-Sowell reports on artificial intelligence, cybersecurity and government regulation for StateScoop. She was previously a multimedia producer for CNET, where her coverage focused on private sector innovation in food production, climate change and space through podcasts and video content. She earned her bachelor’s in anthropology at Wagner College and master’s in media innovation from Northeastern University.
