Wednesday Jan 17, 2024
Ep. 2: Water with CISA's Amy Thomas, cyber risk analyst and Noah Powers, RVA program lead, penetration testing capabilities
Water treatment facilities are part of the critical infrastructure that supports essential services. A cyberattack on these facilities could disrupt the supply of clean water, leading to severe consequences for public health, safety, and the economy. In this episode, two representatives from the US Cybersecurity and Infrastructure Security Agency, or CISA, share strategies to defend the water sector from cyberattacks. They also provide an update on CISA's investigation into an Iranian-linked campaign targeting Israeli-made Programmable Logic Controllers (PLCs) at a number of US water utilities.
Resources:
- CISA Risk and Vulnerability Assessments program
- CISA Security Advisors
- Top Ten Cybersecurity Misconfigurations (NSA and CISA Advisory)
- IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA Advisory)
- CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs (CISA Alert)
- CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords (CISA Alert)
- States and Congress wrestle with cybersecurity after Iran attacks small town water utilities (Associated Press)
- CVE-2023-6448 (NIST NVD)
- CISA's Known Exploited Vulnerabilities Catalog
- Report a cyber issue to CISA
- Water and Wastewater Cybersecurity toolkit (CISA)
- China’s cyber army is invading critical U.S. services (Washington Post)
- Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft)
- Stop Ransomware website (CISA)
- The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos)
- Cybersecurity for Rural Water Systems Act
- Energy Circuit Riders Act
Version: 20240731