What Every Water Utility Should Know About CyberSecurity: Minutes Matter, Seconds Count

This year, cybersecurity attacks against our nation's critical infrastructure sectors have continued to challenge the operational integrity of our manufacturing environments and threaten our way of life. Cybercrime is an economic and national security sustainability threat. As we know, threat actor motives are often rooted in financial gain, as well as ideological differences. In short cybercrime is here to stay. Minutes matter, seconds count and the only control we have as people are over the decisions we choose to make to better protect our communities. As a result of consistently high cyber-attack attempts and incidents, recent changes to Federal and State administrative and civil laws have evolved to drive cyber risk management accountability. The time to act as a collective in the Water and Wastewater community is now because the quantifiable risk and liability associated with cyber-attack incidents has grown to an unsustainable level. To further contextualize, several states have waived sovereign immunity privileges relative to risk management, which directly places municipalities at risk from a Civil-tort liability perspective. Our goal as an organization is to help our customers on three fronts: fiduciary risk quantification, OT risk identification, and the development of a feasible OT system hardening roadmap that is tailored to your organizational needs. In this session, we will review the tactics, techniques, and procedures that every utility should know to protect themselves and build a comprehensive, unified IT/OT cyber resilience plan accounting for all potential security risk before, during, or after a cyber event. Additionally, a detailed explanation of next-generation OT networks and describe why traditional network isolation cyber defenses are no longer adequate for these mission-critical environments. We will offer a detailed cyber strategy and architecture to protect these networks' enhanced capabilities, along with common pitfalls and lessons learned. It is no surprise — Industrial Control Systems (ICS) are in the crosshairs of opposing nations and criminal organizations. Water and Wastewater facilities specifically need a heightened awareness due to their key role in the global supply chain. In addition to known bad actors, the modern facility is connecting to the outside world at an exponential pace and with greater connectivity comes greater security risk. Even well-intentioned actions can mistakenly impact network availability, interrupt operations, and halt productivity. Water and Wastewater organizations need a— including (but not limited to):

*Asset Inventory / Installed Base Identification

*Vulnerability & Risk Analysis

*Qualified Patch Management

*Cybersecurity Policy Development

*Endpoint Protection

*Perimeter Hardening (IDMZ) & Microsegmentation Deployment

*Zero-trust & Secure Remote Access

*Real-time Threat Detection

*Disaster Recovery Planning & Incident Response The best approach is risk-based in alignment with industry best practices with complete organizational adoption. Unfortunately, even the most sophisticated organizations can't manage all aspects of IT/OT cybersecurity alone — you need an ecosystem of trusted experts and partners by your side to extend your protection against next-gen security threats. To secure modern operational equipment — Computer OS Security, Network Security, Endpoint Protection, and continuous Security Monitoring. We will also review the emerging Managed Security Services leading the industry in data-driven cyber protection and response so that you can have confidence running a world-class ICS cybersecurity program.