In partnership with the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the FBI, and the Information Technology ISAC, WaterISAC has developed a list of 10 basic cybersecurity recommendations water and wastewater utilities can use to reduce exploitable weaknesses and defend against avoidable data breaches and cyber attacks. Each recommendation is accompanied by links to corresponding technical resources. This document is an updated version of the 10 Basic Cybersecurity Measures to Reduce Exploitable Weaknesses and Attacks guide that WaterISAC published in August 2012.
In reviewing its incident reports for 2014, ICS-CERT noted that implementation of the first three recommendations likely would have detected the issues, prevented the vulnerabilities, and averted the resulting impacts related to those incidents. Although risks remain and threat actors will continue to change their capabilities and methods, ICS-CERT advises that the first three recommendations be implemented as soon as practical.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program