The System Security scan program aims to improve the cyber defense of critical industries.
Due to the increased focus on the security of infrastructure, in particular water supply and wastewater treatment systems, the US Cybersecurity and Infrastructure Protection Agency (CISA) has announced the launch of a free security scanning program for critical infrastructure.
The program was developed in collaboration with the Environmental Protection Agency (EPA), the Water Sector Coordination Council (WSCC), and the State Drinking Water System Administrators Association (ASDWA).
The program offers operators of drinking water and wastewater systems to register for system scanning. Specialized CISA scanners identify vulnerabilities connected to the Internet and detect possible vulnerabilities that can be exploited by hackers. Based on the results of the scan, CISA sends weekly reports with recommendations on how to fix the problems found.
Example of a weekly report
For critical and actively exploited vulnerabilities, initial reports are generated within 24 hours, and a second scan is performed every 12 hours. For less risky vulnerabilities, the review may take from 1 to 6 days. The agency emphasizes that automated scanners do not gain access to private networks and do not make changes, eliminating the risk of data leakage.
According to the US Water Supply and Wastewater Treatment Systems Report (WWS), the number of ransomware attacks on public utilities is increasing, which makes ensuring their security not only a matter of public health, but also national security.
The joint efforts of CISA, EPA, WSCC and ASDWA are aimed at minimizing risks and improving the level of security, which is especially important in the current environment of cybersecurity threats. The new program is another step towards creating a more reliable and sustainable infrastructure.
Note that in March, the US government required states to assess the cybersecurity of their water supply systems as part of the White House program to protect the country's critical infrastructure from attacks from other states and various cyber threats. The Environmental Protection Agency (EPA) has developed measures that public water companies must take to protect systems, and requirements for conducting cybersecurity assessments of water systems.
In addition, a US resident was charged with intentionally damaging a computer after it allegedly penetrated the network of the Discovery Bay water treatment plant . The defendant intentionally deleted the main operating and monitoring system for the cleaning plant and then shut down the servers that these systems were running on.
Due to the increased focus on the security of infrastructure, in particular water supply and wastewater treatment systems, the US Cybersecurity and Infrastructure Protection Agency (CISA) has announced the launch of a free security scanning program for critical infrastructure.
The program was developed in collaboration with the Environmental Protection Agency (EPA), the Water Sector Coordination Council (WSCC), and the State Drinking Water System Administrators Association (ASDWA).
The program offers operators of drinking water and wastewater systems to register for system scanning. Specialized CISA scanners identify vulnerabilities connected to the Internet and detect possible vulnerabilities that can be exploited by hackers. Based on the results of the scan, CISA sends weekly reports with recommendations on how to fix the problems found.
Example of a weekly report
For critical and actively exploited vulnerabilities, initial reports are generated within 24 hours, and a second scan is performed every 12 hours. For less risky vulnerabilities, the review may take from 1 to 6 days. The agency emphasizes that automated scanners do not gain access to private networks and do not make changes, eliminating the risk of data leakage.
According to the US Water Supply and Wastewater Treatment Systems Report (WWS), the number of ransomware attacks on public utilities is increasing, which makes ensuring their security not only a matter of public health, but also national security.
The joint efforts of CISA, EPA, WSCC and ASDWA are aimed at minimizing risks and improving the level of security, which is especially important in the current environment of cybersecurity threats. The new program is another step towards creating a more reliable and sustainable infrastructure.
Note that in March, the US government required states to assess the cybersecurity of their water supply systems as part of the White House program to protect the country's critical infrastructure from attacks from other states and various cyber threats. The Environmental Protection Agency (EPA) has developed measures that public water companies must take to protect systems, and requirements for conducting cybersecurity assessments of water systems.
In addition, a US resident was charged with intentionally damaging a computer after it allegedly penetrated the network of the Discovery Bay water treatment plant . The defendant intentionally deleted the main operating and monitoring system for the cleaning plant and then shut down the servers that these systems were running on.
