H-ISAC, FBI, EPA TLP Clear: Incident Response Guide Water and Wastewater Sector

Executive Summary

Cyber threat actors are aware of—and deliberately target—single points of failure. A compromise or failure of a Water and Wastewater (WWS) Sector organization could cause cascading impacts throughout the Sector and other critical infrastructure sectors.

There are many aspects of the large and complex WWS Sector that pose challenges to raising cyber resilience sector wide:

  • Governance and regulation involve a mix of federal and state, local, tribal, and territorial authorities.
  • Cybersecurity maturity levels across the sector are disparate.
  • Often, WWS Sector utilities must prioritize limited resources toward the functionality of their water systems over cybersecurity.
  • Universal solutions to cyber challenges in a diverse, target-rich, and resource-poor environment are unfeasible.

To provide meaningful cybersecurity support to the WWS Sector that can help with these challenges, CISA—in conjunction with the Environmental Protection Agency (EPA) and the Federal Bureau of Investigation (FBI), as well as the federal government and WWS Sector partners listed in this guide’s acknowledgement section—has created this joint Incident Response Guide (IRG) for the WWS Sector.

The unique value1 of this joint IRG is that it provides WWS Sector owners and operators information about the federal roles, resources, and responsibilities for each stage of the cyber incident response (IR) lifecycle. Sector owners and operators can use this information to augment their respective IR plans and procedures. By empowering individual WWS Sector utilities, the authors of this guide—CISA, FBI, EPA, and the acknowledged federal government and WWS Sector partners—aim to drive improvements to cyber resilience and incident response across the WWS Sector.

View the detailed report below.
__________

1 Multiple resources exist to guide incident response (IR) planning, e.g., National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 Rev. 2 (NIST SP 800-61).

Key Resources

Related Resources

Letter/Comment
AHA Letter to Senate Finance Committee for May 1 Hearing on Change Healthcare Cyberattack
Letter/Comment
AHA Letter to House E&C Subcommittee for May 1 Hearing on Change Healthcare Cyberattack
Advisory
Homeland Security Proposes New Cyber Incident Reporting Requirements
Member
Special Bulletin
UnitedHealth Group Provides Update on Data Impacted By Cyberattack
Member
Testimony
AHA House Statement on “Fiscal Year 2025 Department of Health and Human Services Budget”
Public
Testimony
AHA Testimony for Energy and Commerce Subcommittee Hearing on Cybersecurity