Expert Insights: Joint Cybersecurity Advisory Announced – CISA, FBI, EPA, NSA

BACKGROUND:

The FBI, CISA, EPA and NSA announced yesterday a cybersecurity advisory that details ongoing cyber threats to U.S. water and wastewater systems. The advisory highlights ongoing malicious cyber activity targeting the IT and OT networks, systems, and devices of U.S. water and wastewater sector facilities, threatening the ability to provide clean, potable water to, and effectively manage the wastewater of, their communities.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Bill Lawrence
Bill Lawrence , CISO
InfoSec Expert
October 18, 2021 10:53 am

<p>It is heartening to see the FBI, CISA, EPA, and the NSA working together with the Water ISAC and Dragos to put this alert together. Adversaries are looking to use spearphishing (targeted phishing) and exploits against unpatched software or outdated firmware to execute these attacks. From a people, processes, and technology viewpoint, user training should have been the number one recommendation so as to recognize phishing attempts, thwart ransomware, or respond rapidly if it takes hold, rather than the last bullet in the ‘additional mitigations’ strategy and buried near the end. I had not heard of the Department of State’s Rewards for Justice (RFJ) program; reporting foreign government malicious activity against U.S. critical infrastructure could earn up to $10 million.  That sounds so much better than recent legislation to penalize victims of ransomware for not reporting in a timely manner or when payouts are made.</p>

Last edited 11 months ago by Bill Lawrence
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x