Skip to main content
close search
site logo
Dive Brief

NIST seeks water industry feedback on boosting cyber resilience

Published Nov. 4, 2022
David Jones's headshot
Reporter
View from above of vast vats of brown liquid.
Seneca Water Resource Recovery Facility is a demonstration project that uses advanced aeration control and other operational changes to clean wastewater and help protect the Chesapeake Bay. Courtesy of Brown and Caldwell

Dive Brief:

  • The National Institute of Standards and Technology (NIST) is seeking public comment from stakeholders in the water and wastewater industries on a plan to protect thousands of facilities from future cyberattack. 
  • NIST’s National Cybersecurity Center of Excellence on Wednesday asked water utilities of all sizes to weigh in by Dec. 19 on a project designed to boost the industry’s cyber resilience. It will later result in a notice in the Federal Register. 
  • Drinking water and wastewater treatment facilities are increasingly vulnerable to cyberattacks, the agency said, as facilities become more dependent on connected systems. The project would secure remote access and network segmentation.

Dive Insight:

The security of the water and wastewater treatment industry has become a priority of federal regulators, particularly since the high-profile attack against an Oldsmar, Florida water treatment facility in February 2021 when a hacker tried to remotely poison the local water supply.

Federal authorities in late 2021 issued warnings about potential cyberattacks aimed at water and wastewater facilities. In separate attacks during the summer of 2021, threat actors used Ghost variant and ZuCaNo ransomware to launch attacks against facilities in California and Maine, respectively. 

The Cybersecurity and Infrastructure Security Agency late last month said the security of water and wastewater treatment facilities would be among priority areas of focus. The Biden administration has rolled out plans to secure key providers of critical infrastructure.

The National Association of Water Companies sees water and wastewater treatment facilities as a national security concern. However, the industry group concedes there is a sophistication gap between large and small providers in terms of their ability to manage cyber threat activity.

 “NAWC and its member companies have long supported state and federal initiatives aimed at driving uniform cybersecurity compliance and enforcement for all drinking water and wastewater system operators,” Robert Powelson, president and CEO of NAWC, said in an emailed statement. “We believe this is critical to defending the nation’s water and wastewater from cybersecurity attacks.”

While the organization is in full support of these efforts, Powelson said they hope the end result amounts to more than just guidelines and recommendations for these providers. 

“We must establish compliance standards and audit implementation of those standards to truly protect the water and wastewater sector,” he said.

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell