By VC3
The federal government recently alerted governors about nation state actors (China and Iran) currently conducting cyberattacks upon water systems across the United States and, in some cases, breaching their information systems while remaining undetected.
Such attacks threaten public safety and water systems operations. In many cases, despite the severity of these threats, basic cybersecurity best practices can fend off most of these nation state exploits.
China and Iran know that water systems are a particular vulnerability in the United States’ critical infrastructure. Many of these districts generally lack the right cybersecurity measures due to understaffing, budget issues, and obsolete technology.
The Cybersecurity and Infrastructure Security Agency (CISA) has detailed some basic cybersecurity measures that would help prevent many of these attacks and exploits, including:
- Conducting regular cybersecurity assessments.
- Changing default passwords NOW and using multi-factor authentication (MFA) wherever possible.
- Regularly applying patches and updates to all applications and systems.
- Using detection tools such as endpoint detection and response (EDR).
- Providing security awareness training for all employees.
- Modernizing obsolete hardware and software no longer supported by the vendor.
In a fact sheet, CISA notes “For smaller organizations without their own in-house cybersecurity teams, leaders should obtain managed security services that can carry out this guidance to maintain sufficient cybersecurity posture.”
Many water districts in California are too small to staff for cybersecurity, and larger ones may need help if they are understaffed or wrestling with budget issues. CSDA’s cybersecurity and technology services partner, VC3, can help:
- Assess cybersecurity vulnerabilities and gaps.
- Deploy tools, best practices, and strategic oversight to protect critical infrastructure from cyberattacks.
- Monitor systems 24/7/365 to look for potential threats, which proactively increases your cyber posture.
If you feel your district is at risk from these or other critical cyber threats, reach out to VC3 to have a conversation. Trusted by over 1,100 local governments, VC3 can help provide a resilient technology foundation supported by cybersecurity best practices with the aim of protecting critical infrastructure and improving operational efficiency.
For additional information, please contact:
California Special Districts Association
Member Services at (916) 442-7887 or membership@csda.net
VC3
David Surfas at (818) 399-6073 or david.surfas@vc3.com