Operational requirements and challenges can be as unique as fingerprints for local governments across the U.S. As we head into the cooler months of the year, take for example snow removal and management, a subject likely top of mind for city and county governing bodies in the Northeast, while in the Southwest… not so much. However, one piece of common ground that has managed to touch local agencies in some manner in 2022 is cybersecurity. Threats from a host of bad actors targeting critical infrastructure are an increasing concern for every level of local government, with many shifting from an “if it happens” mindset to “when and where.”
CAI created a trove of cybersecurity articles over the course of this year that detail key considerations and approaches local governments can factor into their current and future threat strategies.
Critical infrastructure and the rising threats to operational technology
The Executive Order on Improving National Cybersecurity[1] and the National Security Memorandum (NSM) 5[2] issued by the current administration set in motion digital transformation initiatives vital for cyber defense. Much of this transformation addresses the critical IT infrastructure for local governments, which currently run on what is known as Operational Technology (OT) or Industrial Control Systems (ICS). As OT systems that monitor and manage processes in facilities like water management become more tightly connected, the risks associated with cyber-enabled sabotage of OT/ICS grow.
Discover four major trends to consider with infrastructure and how understanding the differences and similarities between IT and OT systems can help agencies better respond to cybersecurity risks. Read the full article.
Water sector short on funds, high on threats
While water facilities do not immediately come to mind when considering potential cyberattack targets, that very lack of visibility makes them even more vulnerable. With the volume and sophistication level of cyberattacks increasing, evaluation of the current state of cybersecurity is a critical step in building a strategy that will be effective against cyber threats. Though historically federal funding hasn’t adequately supported the need to bolster U.S. water infrastructure cybersecurity systems, recent changes have made digital transformation for critical infrastructure a larger priority.
Begin the evaluation process to analyze cybersecurity health by answering five vital questions to achieve an effective cyber posture. Read the full article.
Protecting our country’s clean drinking water starts with strong cybersecurity strategies
Included in the Executive Order on Improving National Cybersecurity was an announcement by the Environmental Protection Agency (EPA) regarding the Industrial Controls System (ICS) Cybersecurity Initiative – Water and Wastewater Sector Action Plan[3] to better protect the water sector from cyberattacks. Co-authored by the EPA, the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)[4], and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC), the plan includes goals for strategy adoption and early detection of cyber threats. Aligned with this is the EPA’s Drinking Water State Revolving Fund (DWSRF), which provides financial assistance at the local level for drinking water infrastructure projects.
Review important insights on features and considerations for developing, improving, and maintaining a cybersecurity program that addresses the specific needs of the local water sector. Read the full article.
3 Security strategies for municipal utilities and critical infrastructures
To help states and territories self-assess gaps in both strategic and financial cyber planning, the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) instituted the State and Interoperability Makers system[5]: locally-driven, multi-jurisdictional, and multi-disciplinary statewide plans to enhance interoperable communications for public safety and officials at all levels of government. Learn three security strategies that municipal utilities and critical infrastructures can use to begin building a plan for combatting cyber threats. Read the full article.
Staying ahead of cyber threats
Cyber threats to critical infrastructure at the national, state, and local levels are showing no signs of slowing down. Instead of waiting for the other shoe to drop, municipalities are leveraging the knowledge they have and working proactively to keep systems and data secure. An increase in dedicated cybersecurity resources and guidance continues to be invaluable as strategies and approaches are implemented and honed. If your agency is looking to develop or improve a cybersecurity strategy, reserve some time with a CAI expert to better understand and comply with new government requirements and directives.
1. Biden Jr., Joseph. “Executive Order on Improving the Nation's Cybersecurity.” The White House. May 12, 2021, https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity.
2. Biden Jr., Joseph. “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.” The White House. July 28, 2021, https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/28/national-security-memorandum-on-improving-cybersecurity-for-critical-infrastructure-control-systems.
3. “EPA Announces Action Plan to Accelerate Cyber-Resilience for the Water Sector.” The United States Environmental Protection Agency. January 27, 2022, https://www.epa.gov/newsreleases/epa-announces-plan-accelerate-cyber-resilience-water-sector.
4. Cybersecurity & Infrastructure Security Agency. December 15, 2022, https://www.cisa.gov.
5. “Statewide Communication Interoperability Plans.” Cybersecurity & Infrastructure Security Agency. December 15, 2022, https://www.cisa.gov/statewide-communication-interoperability-plans.