NIST Asks For Feedback In Terms Of Cybersecurity For The Water And Wastewater Utilities Sector

Yesterday, NIST published a draft white paper asking stakeholders in the water and wastewater utilities sector for feedback on how best to secure the sector.

Here’s the abstract from the draft white paper.

The U.S. Water and Wastewater Systems (WWS) sector has been undergoing a digital transformation. Many sector stakeholders are utilizing data-enabled capabilities to improve utility management, operations, and service delivery. The ongoing adoption of automation, sensors, data collection, network devices, and analytic software may also increase cybersecurity-related vulnerabilities and associated risks.

The NCCoE has undertaken a program to determine common scenarios for cybersecurity risks among WWS utilities. This project will profile several areas, including asset management, data integrity, remote access, and network segmentation. The NCCoE will also explore the utilization of existing commercially available products to mitigate and manage these risks. The findings can be used as a starting point by WWS utilities in mitigating cybersecurity risks for their specific production environment. This project will result in a freely available NIST Cybersecurity Practice Guide.

You can read the draft white paper here. Chris Warner, OT Cybersecurity Consultant, GuidePoint Security, adds this commentary:

“Water systems are unique and challenging to secure because many systems are over 50 years old, and it will take tremendous financial and human resources to replace or upgrade to stay in compliance with regulatory entities. Water SCADA systems have numerous physical sites that are diverse in architecture and challenging to ensure integrity and security for water treatment basins, distribution centers, storage towers/level management, drinking water distribution networks, real-time decentralized industrial wastewater treatment centers, and real-time flood control system monitoring. 

Now, the AWWA mandates over 180 standards of practice for water utilities, and many US States have their own regulations. Some states are now encouraging water utilities to align to the NIST CSF. The NIST CSF mainly focuses on the business, IT, and a limited amount of OT. Creating an overlay of the NIST 800-82 with the CSF specifically addresses SCADA systems.”

I’ll be keeping an eye on this as there needs to be change in this sector to address the threat landscape that we find ourselves in at present.
