The White House has launched a 100-day initiative to upgrade the cybersecurity of the critical infrastructure water sector, and there are potential implications for MSSPs.
The administration’s Water Sector Action Plan, a joint effort of the Environmental Protection Agency (EPA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Water Sector Coordinating Council (WSCC), also has buy-in from the private sector. It is set up to:
- Facilitate the deployment of technologies and systems that provide cyber-related threat visibility, indicators, detection, and warnings.
- Help owners and operators deploy technology to monitor their systems and provide near real-time situational awareness and warnings.
- Enable rapid sharing of relevant cybersecurity information with the government and other stakeholders to improve the sector’s ability to detect malicious activity.
- The EPA and CISA will work with water utilities and invite them to participate in a pilot program for industrial control systems (ICS) monitoring and information sharing. The WSCC, CISA, and EPA will also collaborate to promote cybersecurity monitoring to the entire sector.
- The plan will initially focus on the utilities that serve the largest populations with the highest consequence systems and will lay the foundation for supporting enhanced ICS cybersecurity across water systems of all sizes.
The water and wastewater focus emerges from an industrial control system cybersecurity initiative established by the Biden administration, SC Media notes.
Critical Infrastructure and Water Protection: Where MSSPs May Fit In
Federal government officials said they will not select, endorse, or recommend any specific technology or provider. Still, MSSP Alert believes that MSSPs and MDR (managed detection and response) service providers can gain a leg up for potential engagements with critical infrastructure customers by proactively updating their security controls and perhaps adjusting their terms of service to align with the latest critical infrastructure customers.
Cybersecurity improvements in the water sector is the second step of the National Security Memorandum President Biden issued in July, 2021 to better secure critical infrastructure control systems. The initiative began with a pilot project for the electric and natural gas pipeline subsectors. The chemical sector is next in line for security updates slated for later this year.
The administration touted the 150 electricity utilities serving some 90 million residential customers along with “multiple critical natural gas pipelines” that have deployed or are in the process of deploying additional cybersecurity technologies as a result of the program.
