| Water community urged to protect against holiday hackers
AWWA Articles

Water community urged to protect against holiday hackers

Beware of the Grinch – that unscrupulous hacker lurking in the shadow of your critical networks and systems, hoping to wreak havoc over the upcoming holiday season.

The GrinchThat’s the alert recently relayed by two U.S. agencies battling cyberattacks -- the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). In a joint Nov. 22 press release, the two agencies noted that serious ransomware attacks have occurred during previous holidays and weekends and urged all public and private organizations to take precautions against potential cyberattacks.

“While we are not currently aware of a specific threat, we know that threat actors don’t take holidays,” stated CISA Director Jen Easterly in the press release. “We will continue to provide timely and actionable information to help our industry and government partners stay secure and resilient during the holiday season.”

The agencies suggest that organizations adopt the following best practices to lessen the threat of a cyberattack:

  • Designate employees to be responsible for information technology security over weekends and holidays should a ransomware attack occur
  • Implement multi-factor authentication for remote access and administrative accounts
  • Remind employees not to click on suspicious links or attachments
  • Review or update incident response and communication plans related to a ransomware attack 
  • Ensure that potentially risky services such as remote desktop protocol (RDP) are secure and monitored
  • Report any suspicious cyber activity to the FBI’s Internet Crime Complaint Center or CISA

A Joint Cybersecurity Advisory provides a more comprehensive ransomware awareness overview, and more resources are available at the U.S. government’s “Stop Ransomware” website. In addition, AWWA’s Cybersecurity & Guidance resource page provides water sector-specific information, including the Cybersecurity Guidance and Assessment Tool, which have been recognized by multiple federal agencies and states to support water systems in evaluating cybersecurity risks.