According to a January 27, 2022 statement from the White House:
"Today, the Biden-Harris Administration announced it will extend the Industrial Control Systems (ICS) Cybersecurity Initiative to the water sector. The Water Sector Action plan outlines surge actions that will take place over the next 100 days to improve the cybersecurity of the sector."
The nation’s critical infrastructure is facing both physical and cyber threats from domestic and foreign actors. An alarming combination of domestic extremists, white supremacists and aggressive misinformation and cyberattack campaigns by Russia and its supporters are targeting critical infrastructure nodes in the United States.
In the past few days, the Department of Homeland Security (DHS) along with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued warnings that Russia is targeting US critical infrastructure nodes. The warning urged operators of critical infrastructure to take immediate proactive steps to strengthen their cybersecurity defenses.
In a January 25, 2022 update to a jointly-issued bulletin, the three organizations warned critical infrastructure operators to be on heightened alert for state-sponsored cyberattacks from Russia. Further, a January 24, 2022 notice from DHS warned that domestic violent extremists (DVEs) "adhering to a range of ideologies will likely continue to plot and encourage physical attacks against electrical infrastructure." And while these threats have existed since at least 2020, “credible and specific” plans to attack the nation’s electrical infrastructure continue. The US electrical grid is comprised of nearly half a million miles of high voltage lines, more than 6400 power plants, and 55,000 substations serviced by nearly 3000 companies. The U.S. drinking water infrastructure system is made up of 2.2 million miles of underground pipes linking to pumping stations and filtration systems. We saw last year with the failed cyber attack on a water facility in Florida, cyber attack continues to be the growing and most likely threat to energy and water systems alike.
Nossaman will continue to monitor this situation and provide clients with timely thought leadership and guidance on evolving regulations to assist with solutions to cybersecurity issues.