Your browser is out of date.

You are currently using Internet Explorer 7/8/9, which is not supported by our site. For the best experience, please use one of the latest browsers.

866.430.2595
Request a Consultation

When it comes to securing, monitoring, and testing key infrastructure in the Water Industry, you need experts who specialize in Industrial Control Systems and distribution supply chains.

TRUE specializes in securing complex environments and core infrastructure that include SCADA or Industrial Control Systems. When you are ready to evaluate new technologies for modernizing your environment, our experts can help you consider security in your architecture from day one. Security by design will save you cycles later on, maximize ROI on your investment, reduce risk, and help prevent attacks.

Learn About Cyber Risk in Water Facilities

TRUE Will help you:

  • Follow AWWA Cybersecurity Risk Management Guidence
  • Modernize WWS Systems Securely
  • Establish High-level Security Baselines
  • Monitor Around-the-Clock for Security Threats
  • Lean on Our Expertise With SCADA and ICS 
  • Mitigate the Risk of a Cyber Breach

Learn More About Cybersecurity Services for Water and Wastewater Facilities

Download Now

Ongoing Cyber Threats to U.S. Water and Wastewater Systems


From US-CERT:

"This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities...

To secure WWS facilities—including Department of Defense (DoD) water treatment facilities in the United States and abroad—against the TTPs listed below, CISA, FBI, EPA, and NSA strongly urge organizations to implement the measures described in the Recommended Mitigations section of this advisory..."

Read More

WWS Sector cyber intrusions from 2019 to early 2021 include:

AUG 2021

Malicious cyber actors use Ghost variant ransomware against a California-based WWS facility. Ransomware variant was in systems a full month before three (3) supervisory control and data acquisition (SCADA) servers displayed a ransomware message.

JUL 2021

Cyber actors use remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. Treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.

MAR 2021

Cyber actors use unknown ransomware variant against a Nevada-based WWS facility. Ransomware affect the victim’s SCADA system and backup systems. SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).

SEP 2020

Personnel at a New Jersey-based WWS facility discovered potential Makop ransomware had compromised files within their system.

MAR 2019

Former employee at Kansas-based WWS facility unsuccessfully attempts to threaten drinking water safety by using his user credentials, which were not revoked at the time of his resignation, to remotely access a facility computer.

Identify Next Steps With TRUE's Risk Advisory Services

 

Water facilities are high value targets for attackers, so identifying key gaps and vulnerabilities that could be used in a cyber attack can make a significant difference in your security posture. TRUE's Risk Advisory services give you an objective evaluation your environment and offer you a prioritized security roadmap. Our team will help you identify which steps will make the most significant difference right away so you can know where to start.

TRUE will help you establish baselines for protecting your environment and implement best security practices. We also offer a security program  management portal, TrueSpeed, for our clients to use in planning and executing key initiatives, tracking their security posture, and gaining visibility into ongoing network monitoring.

Learn More About Risk Advisory

Next Gen Network Monitoring

 

TRUE's Security Information and Event Management Solution unifies prevention, detection, and response in a seamless service-technology offering powered by our own 24x7x365, US-based Security Operations Center (SOC). TRUE’s certified analysts leverage a powerful enterprise tool stack that incorporates machine learning and automation to speed up response processes. TrueSIEM provides prevention, detection, and response across your network, rapid elimination of threats with fully automated, policy-driven response capabilities, and complete visibility into the endpoint environment with full-context, real-time forensics.  

TRUE specializes in protecting core U.S. infrastructure from our SOC, including utilities at a regional and national level.

Learn More About TrueSIEM

Don't Miss the Warning Signs

Attackers count on you to be too busy to investigate every alert, in every platform, every day. However, these alerts give context when you are experiencing broader, more layered and targeted attack, like those we have seen in the last two years. No longer are we dealing with a simple ransomware instance. You need to know when someone is navigating laterally through your environment, adding or deleting accounts, changing configurations. If you want to truly stop attacks, you need to be actively threat hunting throughout your network – all day, all night, 365 days per year.

TrueSIEM not only includes Next Gen Protection, but advanced capabilities, including:

    • Rapid Correlation of Threat Information
    • Active Threat Hunting
    • Automated Playbooks to Speed Up Response

Get Started with True Digital Security

Start Protecting Systems and Reduce Risk Exposure.

Request a Consultation

Contact Us Today!

Let us know your business needs and we will make sure to get back with you promptly!

* denotes required fields