The White House issued a statement on March 20 about an increased potential for Russian cyber-attacks against the US, urging owners and operators of critical infrastructure to increase their cybersecurity protections.  A fact sheet includes cybersecurity steps that should be taken immediately.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) held a call on March 21 to discuss the White House statement and how these cyber threats might impact critical infrastructure.  CISA encouraged critical infrastructure owners to fully use CISA resources to improve their cybersecurity. 

The CISA Shields Up webpage provides organizations with easily accessible cybersecurity resources, including a catalog of free services from government partners.  CISA offers free cyber hygiene services, and NACWA members that have used these services have reported that they are beneficial.

CISA also asked that all cyber incidents be reported, no matter how small they might seem.  Utilities can report incidents to CISA at report@cisa.gov or (888) 282-0870. Alternatively, utilities can report incidents to the FBI via the local FBI field office or the FBI’s CyWatch at (855) 292-3937 or CyWatch@fbi.gov.  Information reported to one of these agencies will be shared with the other agency. 

NACWA encourages all of its members to join the WaterISAC to receive all cybersecurity and other security information that is relevant to water utilities. WaterISAC provides utility-specific resources and can assist utilities if they experience a cyber incident. 

NACWA members with questions about cybersecurity should contact Cynthia Finley, NACWA’s Director of Regulatory Affairs.