USDA, White House Launch Study to Boost Cyber Resilience of Rural Water Utilities

Summary: The U.S. Department of Agriculture and the White House Office of the National Cyber Director have initiated a year-long study to enhance the cybersecurity resilience of rural water systems, in collaboration with the National Rural Water Association. This initiative includes expanding the USDA’s Circuit Rider Program to provide cybersecurity support and training for rural drinking and wastewater treatment facilities.

Threat Actor: Hacktivists and criminal ransomware groups | hacktivists
Victim: Rural water utilities | rural water utilities

Key Point :

  • The USDA’s Circuit Rider Program will provide hands-on cybersecurity assistance to under-resourced rural water facilities.
  • Cybersecurity threats to water utilities have increased, with poor configurations and lack of multifactor authentication being significant vulnerabilities.
  • Recent cyberattacks have forced some utilities to revert to manual operations, highlighting the urgent need for improved cybersecurity measures.

Dive Brief:

  • The U.S. Department of Agriculture and the White House Office of the National Cyber Director launched a study last week to help improve the cyber resilience of rural water systems. The program, which will last one year, will be conducted in partnership with the National Rural Water Association.
  • The USDA will expand its Circuit Rider Program during the study, which provides additional cybersecurity support and training for rural drinking and wastewater treatment facilities. Two NRWA affiliates, the Vermont Rural Water Association and the Oregon Association of Water Utilities, will administer the program.
  • “Through this study, the federal government and our partners can better understand the cybersecurity capacity of rural water utilities before and after engagement with cybersecurity-focused Circuit Riders in order to inform future approaches and opportunities to bolster their resilience,” a spokesperson for ONCD told Cybersecurity Dive via email.

Dive Insight:

The expanded cybersecurity program comes at a critical time for the nation’s drinking and wastewater treatment systems, as a rising number of hacktivists and criminal ransomware groups have targeted the facilities for cyberattacks.

The Cybersecurity and Infrastructure Security Agency has repeatedly warned that hackers have targeted water utilities using poor configurations, by relying on default passwords, leaving their systems exposed to the internet and failing to use multifactor authentication.

The Vermont Rural Water Association has been providing cybersecurity training to local utilities for years, but said the pilot program will allow it to provide hands-on assistance to under-resourced facilities. 

“Most water utilities in Vermont are too small to have their own IT staff, and it is not realistic to expect water operators to become cybersecurity experts on top of their many other responsibilities,” Katherine Boyk, a spokesperson for VRWA, said via email. “We will now have a full-time staff member who can provide cybersecurity assistance to any public drinking water system in Vermont, for free.”  

Vermont is working to help utilities prevent future attacks, but other states have been forced to grapple with hacks in recent months.   

In late September, a local water utility in Arkansas City, Kansas, had to revert to manual operations after it was targeted in a cyberattack. 

Following that incident, American Water Works, the nation’s largest regulated water utility, temporarily took systems offline after attackers gained access to some of its computer network. American Water operates in 14 U.S. states and 18 military installations.

Source: https://www.cybersecuritydive.com/news/usda-white-house-cyber-rural-water/731875