Ransomware Recommendations Update

Our colleagues at DHS have informed us that Microsoft has provided specific risk management steps for WannaCry at the following location:  https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

WannaCry continues to pose significant risks and virtually any organization is at potential risk of attempted WannaCry propagation.

Ransomware Response Recommendations

Our colleagues at DHS recommend that if any of your water systems are victims of a ransomware attack, they should take the following steps:

  1. Please contact your FBI Field Office Cyber Task Force (fbi.gov/contact-us/field/field-offices) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Please report cyber incidents to the US-CERT (us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).

For more information on cyber protections and the WannaCry Ransomware:

Microsoft Ending Support for Windows Vista

Editor’s Note:  This information was provided by our colleagues at the WaterISAC.

If you know of any water systems still using the Windows Vista operating system, please let them know about the following ASAP.

“All software products have a lifecycle.  After April 11, 2017, Microsoft is ending support for the Windows Vista operating system.  After this date, this product will no longer receive security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.  Computers running the Windows Vista operating system will continue to work even after support ends.  However, using unsupported software may increase the risks of viruses and other security threats.  Users and administrators are encouraged to upgrade to a currently supported operating system.  For more information, see Microsoft’s Vista support and product lifecycle articles.”

DHS Hosts National Cyber Incident Response Plan Webinars

You are invited to attend any one of four webinars hosted by DHS to learn more about and share your thoughts on the newly released National Cyber Incident Response Plan (NCIRP).  This is an essential component of DHS’s mission to strengthen the security and resilience of the Nation by working to improve the ability of all to manage cyber incidents.

You do not need to register in advance, on the day of the event, just use the links provided in the information below.  Each one hour webinar session will cover the same information.

NCIRP Stakeholder Webinar #1

DATE:              Monday March 27, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r3fctx11w2x/

DIAL:               1-800-320-4330/Passcode:  372094


NCIRP Stakeholder Webinar #2

 DATE:              Tuesday March 28, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r8bvryj2nu9/

DIAL:               1-800-320-4330/Passcode: 372094


NCIRP Stakeholder Webinar #3

DATE:              Wednesday March 29, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r6cmtu0qngo/

DIAL:               1-800-320-4330/Passcode 372094


NCIRP Stakeholder Webinar #4

DATE:              Thursday March 30, 2017

TIME:               3:00-4:00PM (eastern)

CONNECT:      https://share.dhs.gov/r22skziadr4/

DIAL:               1-800-320-4330/Passcode 372094

This Plan applies to cyber incidents and more specifically significant cyber incidents that are likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.  We plan to discuss how the NCIRP can be leveraged within your communities.


  • Describes a national approach to dealing with cyber incidents, and the important role that the private sector, States, and multiple federal agencies play in responding to incidents and how the actions of all fit together for an integrated response;
  • Reflects and incorporates lessons learned from exercises and real U.S. incidents and policy updates, such as Presidential Policy Directive (PPD)-41 on Cyber Incident Coordination Policy and the National Cybersecurity Protection Act of 2014; and
  • Reinforces and describes the roles of the lead Federal agencies during a significant cyber incident

To view the final NCIRP, visit https://www.us-cert.gov/ncirp

The Internet of Things – Wait…What?

Editor’s Note:  Many of you may already be quite conversant with the “Internet of Things” but I had to go looking.  Why?  Because, as a technologically advanced protocol for connectedness, it can be very useful.  However, it also has the potential to affect water system operations in a not so useful manner.  By the way, the Internet of Things is often referred to as IoT.

The following are excerpts from an article written by Jacob Morgan for Forbes Magazine in 2014.

“The “Internet of things” (IoT) is becoming an increasingly growing topic of conversation both in the workplace and outside of it. It’s a concept that not only has the potential to impact how we live but also how we work. But what exactly is the “Internet of things” and what impact is it going to have on you, if any?

Simply put, this is the concept of basically connecting any device with an on and off switch to the Internet (and/or to each other). This includes everything from cellphones, coffee makers, washing machines, headphones, lamps, wearable devices and almost anything else you can think of.  This also applies to components of machines, for example a jet engine of an airplane or the drill of an oil rig.  The analyst firm Gartner says that by 2020 there will be over 26 billion connected devices…The IoT is a giant network of connected “things” (which also includes people).  The relationship will be between people-people, people-things, and things-things.

How Does This Impact You?

The new rule for the future is going to be, “Anything that can be connected, will be connected.” But why on earth would you want so many connected devices talking to each other? There are many examples for what this might look like or what the potential value might be…What if your alarm clock wakes up you at 6 a.m. and then notifies your coffee maker to start brewing coffee for you? What if your office equipment knew when it was running low on supplies and automatically re-ordered more?  What if the wearable device you used in the workplace could tell you when and where you were most active and productive and shared that information with other devices that you used while working?  On a broader scale, the IoT can be applied to things like transportation networks: “smart cities” which can help us reduce waste and improve efficiency for things such as energy use; helping us understand and improve how we work and live.

Security is a big issue that is oftentimes brought up. With billions of devices being connected together, what can people do to make sure that their information stays secure? Will someone be able to hack into your toaster and thereby get access to your entire network? The IoT also opens up companies all over the world to more security threats. Then we have the issue of privacy and data sharing. This is a hot-button topic even today, so one can only imagine how the conversation and concerns will escalate when we are talking about many billions of devices being connected. Another issue that many companies specifically are going to be faced with is around the massive amounts of data that all of these devices are going to produce. Companies need to figure out a way to store, track, analyze and make sense of the vast amounts of data that will be generated.

So What Now?

Conversations about the IoT are (and have been for several years) taking place all over the world as we seek to understand how this will impact our lives. We are also trying to understand what the many opportunities and challenges are going to be as more and more devices start to join the IoT. For now the best thing that we can do is educate ourselves about what the IoT is and the potential impacts that can be seen on how we work and live.”

Now that you have a better understanding of IoT, here’s some more helpful information from DHS…

While the IoT can provide efficiency, convenience, and interactivity features that are attractive, the IoT can also be vulnerable to manipulation by malicious actors, as observed in recent distributed denial of service (DDoS) attacks. US-CERT recommends reviewing the Strategic Principles for Securing the Internet of Things to learn more.


TEEX Offers Cyber Courses

Our colleagues at TEEX, the Engineering Extension Service at Texas A&M University, have posted their latest schedule for upcoming cyber security courses.  Click on the course name for more information.

Date Location
Promoting Community Cybersecurity
February 16, 2017 Albuquerque, New Mexico
Essentials of Community Cybersecurity
November 8, 2016 Sanford, Florida
November 8, 2016 Westminster, California
December 6, 2016 Los Angeles, California
February 15, 2017 Albuquerque, New Mexico
April 11, 2017 Nashville, Tennessee
June 6, 2017 Egg Harbor, NJ
Community Preparedness for Cyber Incidents
MGT 384
November 8-9, 2016 Sanford, Florida
November 8-9, 2016 Westminster, California
December 6-7, 2016 Los Angeles, California
April 11-12, 2017 Nashville, Tennessee
June 6-7, 2017 Egg Harbor, New Jersey
Community Cybersecurity Exercise Planning
MGT 385
December 08-09 2016 Los Angeles, CA
December 13-14, 2016 Dallas, TX
December 8-9, 2016 Salem, Oregon
February, 21-22, 2017 Nashville, Tennessee




WaterISAC Shares Updated Cyber Measures

Our colleagues at the WaterISAC have recently updated their 10 Basic Cybersecurity Measures:  Best Practices to Reduce Exploitable Weaknesses and Attacks.  It was developed in partnership with the U.S. Department of Homeland Security ICS-CERT, the FBI, and the Information Technology ISAC.  As you read through, note that each recommendation is accompanied by links to corresponding technical resources.   The updated guide is available here https://www.waterisac.org/sites/default/files/public/10_Basic_Cybersecurity_Measures-WaterISAC_Oct2016%5B2%5D.pdf


US-CERT Shares Ways to Avoid Cyber Incidents

The Department of Homeland Security’s United States Computer Emergency Team (US-CERT) has just released a new cyber alert called, The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations (September 28, 2016).  In plain English, the document outlines consequences for three different types of attacks:

  • If your computer network infrastructure is compromised, malicious hackers or adversaries can gain full control of the network infrastructure; compromise your SCADA or business records; publish confidential information; and even prevent you from using your own data (denial of service).
  • Intruders with infrastructure privilege and access can impede productivity and severely hinder re-establishing network connectivity. Even if other compromised devices are detected, tracking back to a compromised infrastructure device is often difficult.
  • Malicious actors with persistent access to network (disgruntled employees, unhappy vendors).

In the new alert, US-CERT offers six practical ways to enhance the integrity and security of your computer infrastructure.

  1. Segregate Networks and Functions
  2. Limit Unnecessary Lateral Communications
  3. Harden Network Devices
  4. Secure Access to Infrastructure Devices
  5. Perform Out-of-Band Management
  6. Validate Integrity of Hardware and Software

The full document can be downloaded here https://www.us-cert.gov/ncas/alerts/TA16-250A and covers each of the items above in greater detail and with recommended actions.


Yahoo and Other Data Breach Victims

The Federal Trade Commission (FTC) has released a step-by-step video to users whose personal information may have been exposed in a data breach.  This video provides instruction on how to report an incident and develop a personal recovery plan after a data breach has occurred.

US-CERT encourages users to review the FTC blog and US-CERT Tips on Avoiding Social Engineering and Phishing Attacks, Safeguarding Your Data, and Protecting Your Privacy for more information.

Cyber Evaluation Tool Webinar

Editor’s Note:  This invitation comes from our colleagues at DHS ICS (Industrial Cyber Security) Workgroup.  Please share this with your water utilities.  As well, consider participating yourself so that you’ll know what tools water systems have to evaluate their cyber programs.

Do you have cybersecurity concerns?  The ICS-CERT Cyber Security Evaluation Tool (CSET) Version 8.0 tool is designed to help you quickly gain a clear cybersecurity operating picture, establish your priorities, and tighten up your organization’s cybersecurity.  The CSET tool is an easy step by step, tax software like, guide to help you best understand what you need to do and where to focus your efforts.

Join us for an introduction webinar to the updated CSET 8.0.  See the new features, learn how to use CSET to increase your cybersecurity defenses, and ask questions to the CSET development team.

DATE:              September 20, 2016

TIME:               10:00AM-Noon (eastern)

REGISTER:    https://attendee.gotowebinar.com/register/8105066833474858754


If you happen to be in Ft. Lauderdale between September 13 and15, you may also participate in the ICS Joint Workgroup Fall Meeting.  More information about this meeting may be found at this link Industrial Control Systems Joint Working Group (ICSJWG) 2016 Fall Meeting in Ft. Lauderdale, FL, September 13-15, 2016.