Enhancing Cyber Hygiene

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) hosted a webinar to share cyber threat and resilience information.  Several of the cyber hygiene recommendations offered during the web event may be helpful as you work with water systems to enhance their ability to provide safe drinking water.

One particular aspect of the webinar focused on trends that NCCIC analysts are seeing in the field related to cyber hygiene.  Practical corrective actions and recommended next steps were also discussed.  The trends fall into five major areas:

• Continued use of End of Life (EOL) network devices – those that are no longer supported by vendor patches and devices that are not being replaced during update/tech refresh cycles.
• Default/weak security configurations – use of default or weak credentials, devices put onto networks with “out of the box” configurations, or no implementation of vendor/government device hardened guidance
• Use of unsecure/unencrypted remote access protocols – administrator access directly over the internet or external use of FTP/TFTP.
• Poor security monitoring – lack of visibility for administrator access, device logging not implemented, or lack of visibility of configuration changes to network devices.
• Continued reliance on the old “network operations” mentality – network device security monitoring is secondary to the operations tasks.

The discussions surrounding the above categories were not directed specifically toward water utilities; however, most would easily apply to any utility with a SCADA system.  The presentations also included information about the NCCIC and its role within DHS, broad discussions of cyber threats and exposures, and a separate section on the Federal response.  The complete powerpoint presentation is available at this link.  You are encouraged to share these materials with your colleagues in the water community.

Free Water Security Webinars

EPA’s Water Security Division has scheduled several webinar information and training events during July and August.  There’s also an invitation to participate in a September Power and Resilience Black Sky Summit.  For more information, please read on.

Communication Systems for Smart Utility Infrastructure

DATE:              July 17, 2018

TIME:               1:00-2:00PM (eastern)

REGISTER:      Click here

This webinar will discuss considerations for evaluating and selecting data communications systems that meet the unique requirements of smart utility infrastructure, including remote water quality and security monitoring equipment. Also, the Metropolitan Sewer District of Greater Cincinnati will present a case study about its smart sewer network.

Air Regulations for Generators at Water Utilities

DATE:              July 25, 2018

TIME:               1:00-2:00PM (eastern)

REGISTER:      Click here

This webinar will provide an overview of the air regulations for stationary generators including the New Source Performance Standards (NSPS) and the National Emission Standards for Hazardous Air Pollutants (NESHAP) for Reciprocating Internal Combustion Engines (RICE).  It will outline the requirements for a water utility purchasing new diesel generators.  The presentation will also compare the requirements for emergency generators with the requirements for generators used for demand response/peak shaving. You will hear from speakers such as Melanie King, EPA Office of Air and Radiation and Sara Ayres, EPA Office of Enforcement and Compliance Assurance.

Puerto Rico Water and Sewer Authority’s Response to Hurricane Maria Webinar

DATE:              August 8, 2018

TIME:               1:00-2:00PM (eastern)

REGISTER:      Click here

Eli Diaz-Atienza, President of Puerto Rico’s Water and Sewer Authority (PRASA) will describe how the utility was impacted by the loss of power caused by Hurricane Maria.  At its peak, PRASA was utilizing 1610 generators at its 114 drinking water plants, 51 wastewater plants, and pump stations.  This presentation will discuss some of the challenges with operating, maintaining, and fueling the generators.  It will also summarize some of the lessons learned and plans for increasing its resilience.

Free Power and Black Sky Resilience Summit

Water Sector Power and Black Sky Resilience Summit (September 19, 2018 in Herndon, VA)

EPA is hosting a one-day Water Sector Power and Black Sky Resilience Summit to discuss and advance the water sector’s preparedness for a long duration, widespread power outage. There will be presentations and discussions on black sky threats, generators, alternative power options (e.g., combined heat and power, solar), critical interdependencies, and communications. The focus will be on some of the challenges and potential solutions to a long duration power outage.  The target audience is drinking water and wastewater utilities, water and energy associations, electric utilities, and local, state, and federal government agencies.  Register at: https://epa-black-sky-summit.eventbrite.com

Are You Cyber Aware?

EPA’s Water Security Division is hosting a webinar titled Are You Cyber Aware? to help utilities consider useful next steps in cyber awareness and preparedness.  The hour long event will also showcase best practices and case studies on cyber preparedness.  You are invited to attend and learn about top tips and resources to prepare to respond to a cyber attack.  

DATE:              May 17, 2018

TIME:               1:00-2:00PM (eastern)

REGISTER:      Click here

Two New Incident Action Checklists for the Water Sector

The EPA Water Security Division (WSD) published ten “rip & run” style checklists in January 2015 to facilitate water sector response immediately before, during and after an emergency. These concise Incident Action Checklists outline critical measures that drinking water and wastewater utilities can take to protect their system against various natural hazards.

WSD is excited to announce the publication of two new Incident Action Checklists:  Cybersecurity and Harmful Algal Blooms.  As with the 2015 versions, these new checklists include potential impacts to the water sector; actions to prepare for, respond to and recover from the specific incident; a contacts section that utilities can fill out with their own local information; and a resource section. With a concise structure and targeted focus, the Checklists offer utilities a unique resource focusing on response actions that should greatly increase the water sector’s resilience to cybersecurity and harmful algal bloom incidents.  Download the Checklists today at: https://www.epa.gov/waterutilityresponse/incident-action-checklists-water-utilities.

If you have any questions, please feel free to contact Dawn Ison at ison.dawn@epa.gov or by phone at 513-569-7686.

 

DHS Cybersecurity and Critical Infrastructure Webinar – Round 2

 

 

 

For those of you who were unable to participate in the first webinar providing updates regarding the Presidential Executive Order 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the National Protection and Programs Directorate (NPPD) would like to invite you to join a second session of the webinar at 1:00 p.m. EDT on Tuesday, June 27.  This second session of the webinar will cover the same updates, focusing, in particular on Section 2, titled Cybersecurity of Critical Infrastructure, as well as provide participants the opportunity to ask questions.

Advance registration is not required.

To Join the Meeting:  https://share.dhs.gov/cybersecurity_eo_update_27june2017/

Dial –In Conference Bridge:  1-888-324-0239

Participant Passcode: 3990134#

The Conference line will open 30 minutes prior to the scheduled start time of the call.

If you have any questions or concerns about this matter, contact the NICC at 202-282-9201 or NICC@hq.dhs.gov.

October is National Cyber Security Awareness Month

Plan Ahead!

October is National Cyber Security Awareness Month (NCSAM), a collaborative effort between DHS, the National Cyber Security Alliance, and other public and private partners to raise awareness about the importance of cybersecurity and individual cyber hygiene.

Each week of NCSAM is dedicated to a specific cybersecurity theme, with related activities and events happening across the country:

• October 2-6, 2017: Simple Steps to Online Safety. Week 1 will address the top consumer cybersecurity concerns, provide simple steps to protect against these concerns, and help the public understand what to do if they fall victim to cybercrime.
• October 9-13, 2017: Cybersecurity in the Workplace is Everyone’s Business. Week 2 will showcase how organizations can protect against the most common cyber threats. The week will also look at resources to help organizations strengthen their cyber resilience, including the Cybersecurity Framework.
• October 16-20, 2017: Today’s Predictions for Tomorrow’s Internet. Week 3 will remind citizens that their sensitive, personal information is the fuel that makes smart devices work. While there are tremendous benefits of this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways.
• October 23-27: The Internet Wants YOU:  Consider a Career is Cybersecurity.  Week 4 will encourage students and other job seekers to explore cybersecurity careers.  Key influencers – like parents, teachers, and state and local officials – will learn more about this growing field and how to engage youth in pursuing cybersecurity careers.
• October 30-31:  Protecting Critical Infrastructure from Cyber Threats.  Week 5 will look at cybersecurity in relation to keeping our traffic lights, running water, phone lines, and other critical infrastructure secure.

 

DHS Shares Cyber Security Contact Information

Much like the Protective Security Advisors that have been operating within the Water Sector for several years, DHS is now working to develop a cadre of advisors that specialize in cyber security.  At present, their numbers are fewer than their Protective Security counterparts, but they are growing in numbers.  Here’s who they are and how to reach them:

 

CSA (Role / Title)	Location	Name (Last, First MI)	Email	DHS Cell Phone
Chief of Field Operations/Supervisory CSA	Region 3 – Pittsburgh, PA	Willke, Bradford J.	bradford.willke@hq.dhs.gov	202-380-5899
Sr Cyber Security Advisor, Western U.S.	Region 9 – Los Angeles, CA	McElroy, Deron	deron.t.mcelroy@hq.dhs.gov	213-310-1852
Cyber Security Advisor, Region I	Region 1 – Boston, MA	Vacant	–
Cyber Security Advisor, Region II	Region 2 – New York, NY	Richard Jr., Richard S.	richard.richard@hq.dhs.gov	631-241-3662
Cyber Security Advisor, Region III	Region 3 – Philadelphia, PA	Vacant	–
Cyber Security Advisor, Region IV	Region 4 – Atlanta, GA	Walker, Klint	klint.walker@hq.dhs.gov	404-895-1127
Cyber Security Advisor, Region V	Region 5 – Chicago, IL	Enriquez, Antonio P.	antonio.enriquez@hq.dhs.gov	202-809-7894
Cyber Security Advisor, Region VI	Region 6 – Dallas, TX	Adams, Chad E.	chad.adams@hq.dhs.gov	202-380-6024
Cyber Security Advisor, Houston-District	Region 6 – Houston, TX	Reeves, George	george.reeves@hq.dhs.gov	281-714-1259
Cyber Security Advisor, Region VII	Region 7 – Kansas City	Selected – Awaiting SSO	–
Cyber Security Advisor, Region VIII	Region 8 – Denver, CO	Rinerson, Harley	harley.rinerson@hq.dhs.gov	202-809-3314
Cyber Security Advisor, Region IX	Region 9 – San Francisco, CA	Vacant	–
Cyber Security Advisor, Region X	Region 10 – Seattle, WA	Vacant	–
Cyber Security Advisor, Region IX	Region 9 – Los Angeles, CA	Edmonds, Arthur	arthur.edmonds@hq.dhs.gov	415-793-7147

 

 

Ransomware Recommendations Update

Our colleagues at DHS have informed us that Microsoft has provided specific risk management steps for WannaCry at the following location:  https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

WannaCry continues to pose significant risks and virtually any organization is at potential risk of attempted WannaCry propagation.

Ransomware Response Recommendations

Our colleagues at DHS recommend that if any of your water systems are victims of a ransomware attack, they should take the following steps:

1. Please contact your FBI Field Office Cyber Task Force (fbi.gov/contact-us/field/field-offices) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
2. Please report cyber incidents to the US-CERT (us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).

For more information on cyber protections and the WannaCry Ransomware:

• For overall Cyber Situational Awareness, visit the US-CERT National Cyber Awareness System webpage at: https://www.us-cert.gov/ncas
• For indicators associated with WannaCry Ransomware:
•    US-CERT – Alert – TA17-132A – https://www.us-cert.gov/ncas/alerts/TA17-132A
•    ICS-CERT – Alert – 17-135-01 – https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-135-01

Microsoft Ending Support for Windows Vista

Editor’s Note:  This information was provided by our colleagues at the WaterISAC.

If you know of any water systems still using the Windows Vista operating system, please let them know about the following ASAP.

“All software products have a lifecycle.  After April 11, 2017, Microsoft is ending support for the Windows Vista operating system.  After this date, this product will no longer receive security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.  Computers running the Windows Vista operating system will continue to work even after support ends.  However, using unsupported software may increase the risks of viruses and other security threats.  Users and administrators are encouraged to upgrade to a currently supported operating system.  For more information, see Microsoft’s Vista support and product lifecycle articles.”