The Maine CDC Drinking Water Program (DWP) has been advised that cyber-attacks against critical infrastructure targets in the US are increasing. Cyber criminals are often active on holidays and weekends when staffing levels in workplaces are relatively low. Typically, the intent of a cyberattack is to disrupt operations and/or fraudulently collect money. DWP considers these threats to be a high priority, and offers the following to help public water systems increase their cyber resilience: 1) a threat update, 2) resources to help increase your cybersecurity knowledge, 3) suggested initial response steps for a suspected cyber-attack, and 4) a link to a free EPA-funded cybersecurity assessment by the Horsley Witten Group.

1. THREAT UPDATE

Critical infrastructure, including the water and wastewater sector, is being targeted by both domestic and foreign cyber threat         actors. The FBI recently reported a 69% increase in internet crimes from 2019 to 2020. More information follows:

• Ransomware attacks are on the rise. In this type of attack, files and/or an entire computer is locked until a ransom is paid to the cybercriminal. See the Cybersecurity and Infrastructure Security Agency (CISA) ransomware website FMI: https://www.cisa.gov/stopransomware/general-information.
• There is also an increase in business email compromise scams(BECs). In this type of scam, cyber criminals trick the victim into paying for real contractor services to a fraudulent account, or into sharing employee direct deposit information. BECs are often initiated through an email sent from a seemingly known source, like a trusted vendor or colleague. FMI please see the FBI Cyber Division Private Industry Notification (PIN) 20210317-001
• The Microsoft Exchange Server vulnerability continues to be exploited. DWP sent out a blast email alert on this on 3/10/2021, which can also be found online here.

2. RESOURCES

• The DWP will soon be launching a new Cybersecurity Webpage. Stay tuned!
• The DWP Self-Assessment Tool for public water systems can be found here: Crisis Communication Kit and Media Relations (maine.gov).
• The EPA “Incident Action Checklist – Cybersecurity”is a short and rigorous guide to help public water systems prepare for, respond to and recover from a cyber-attack.
• For a more detailed read on increasing cybersecurity resilience for water and wastewater systems, see the WaterISAC 15 Cybersecurity fundamentals for Water and Wastewater Utilities, Best Practices to Reduce Exploitable Weaknesses and Attacks.
• Cybersecurity resources from the American Water Works Association (AWWA) can be found here: Cybersecurity & Guidance | American Water Works Association (awwa.org).

3. INITIAL RESPONSE STEPS FOR A SUSPECTED CYBER ATTACK

• Disconnect compromised computers from the internet, but DO NOT power off or reboot your device or equipment.
• Activate your Emergency Response Plan (ERP).
• Notify your IT provider and your local Police Department.
• Document key information (e.g. What did you notice? When did you notice it?).
• Initiate manual operations if process control systems have been compromised.
• Notify the DWP.

4. FREE EPA-FUNDED CYBERSECURITY ASSESSMENT BY HORSLEY WITTEN GROUP
   
   EPA and the Horsley Witten Group (HWG) have partnered to offer free, confidential, cybersecurity assessments and technical assistance to interested water and wastewater utilities. The assessments and technical assistance are completely virtual and available via appointments here: https://horsleywitten.com/cybersecurityutilities/

After contacting your IT provider and taking any other needed initial response steps, please contact your DWP Inspector and local law enforcement office if you have (or may have) experienced a cyber security incident.