January 26, 2015 Leave a comment
Our colleagues at the WaterISAC, along with several other ISACs and DHS ICS-CERT have developed a “top ten” list of basic cybersecurity recommendations that all water and wastewater utilities can use to minimize their vulnerability to cyber breaches and defend against cyber attacks. These low or no cost common sense recommendations should work for any system size or type.
Each recommendation is accompanied by links to corresponding technical resources.
- Update systems and software
- Use only strong passwords and change default passwords
- Apply firewalls to implement network segmentation
- Minimize network exposure for all control system devices
- Establish role-based access controls
- Use secure remote access methods
- Do not open suspicious email or respond to suspicious phone calls
- Limit use of removable storage devices
- Develop and enforce policies on mobile devices
- Develop a cybersecurity incident response plan