Cybersecurity Series: Start Planning Today For Smart Incident Response

Xylem is partnering with customers around the world to help them build resilient networks, including enhancing cybersecurity protections. Over the coming months, Xylem’s experts will share perspectives on the burning issues on the minds of water operators and users and strategies to enhance cybersecurity. Here, Clay Carter, Vice President, Head of Product Security discusses best practices for Incident Response and how the most effective response begins long before an incident occurs.

Water operators and users around the world are doubling-down on advanced technologies to address intensifying challenges like water scarcity, the affordability of water and resilience to climate change. Our view at Xylem is that strengthening cybersecurity protections goes hand-in-hand with scaling these solutions.

As we continue to adapt our ways of working to maximize the digital opportunity, we must put cybersecurity at the center of the conversation. And at Xylem, we believe that this responsibility does not sit with a single entity or function; it requires a true team effort, from utilities, industrials and other businesses to solutions and service providers and integrators. 

Recent high-profile cyber incidents have added urgency to conversations around resilience-building strategies - but the water sector has more work to do.

According to a survey of U.S. utilities conducted by the Water Sector Coordinating Council (WSCC) in April 2021, 38% of systems allocate less than 1% of budget to Information Technology (IT) cybersecurity. 44% of systems allocate less than 1% of budget to Operational Technology (OT) security. These findings indicate that while cybersecurity may be top-of-mind, many are not yet taking action. We must move to the driving seat to proactively manage risk. We must shift from passivity to proactivity to embed cyber resilience.

Incident Response begins today

The first step in managing cyber risk is building a plan that sets out the range of stakeholders and proactive cybersecurity activities required to continuously monitor and protect against a cybersecurity threat. These activities include: training to increase awareness of threats to utilities and processes to safeguard networks; active monitoring of assets and processes; keeping systems up to date according to vendor guidelines; and preparation for future recovery activities.

Planning is most effective when it is based on a ‘when, not if’ approach to cyber risk. Our team at Xylem is partnering with customers to help them plan long before an incident occurs and with multi-stakeholder input. 

We encourage water operators to consider these guiding principles for planning:

1. Create an actionable plan by ensuring staff understand and have ownership of the plan. The WSCC survey found that 51% identify need for tailored training and education for water sector professionals. As we adopt increasingly connected and integrated solutions, we need to empower teams with the knowledge to understand potential risks, strategies to mitigate these risks and each stakeholder’s specific role within this effort. Begin by deciding who within an organization should be involved in developing the plan and its ongoing activation. Engage them early and often to support a cohesive and collaborative approach.
   
   
2. Don’t go it alone. Know who to call for help, and when. Building resilience to cyber risk is a collective effort. Think beyond your organization for support on incident planning and response. 47% of U.S. utilities identified the need for technical assistance, advice, assessments or other support. Consider the ecosystem of partners to leverage expertise offered by industry associations, partners, and retained service providers. 
   
   Today, there are Incident Response services that can be kept on retainer by the operators of water and wastewater OT networks, thus reducing the burden on utilities to maintain specialized expertise. For example, at Xylem we partner with global cybersecurity solution provider, Dragos, to protect customers through an Incident Response retainer. This approach helps our customers with all aspects of planning and response, from developing an information management strategy (to assure that logging and backups are adequate for desired response) to rapidly responding during a cyber threat event to gather forensics, diagnose issues, and quickly get OT networks back to secured operations. 
   
   
3. Work to build capability to reduce risk. While more than half of the systems surveyed (57%) by WSCC say they have a risk management plan that addresses cybersecurity, only 1 in 4 (23%) perform cybersecurity risk assessments annually. Establish processes to embed these practices to build awareness and accountability across your organization. 

A collaborative or ecosystem approach to cybersecurity means that each participant is empowered to manage risk where they have greatest intimacy. For example, the product maker focuses on product security (e.g., component hardening) and secure deployment guidance, the integrator focuses on implementing secure deployment (e.g., secure network architecture) and provides assessment guidance, the operator focuses on continuous security maintenance (e.g., operational resilience) and effective Incident Response. Each actor within the ecosystem plays to their strengths for the optimal outcome and continuous improvement.

With proactive, collaborative planning and a sustained focus on managing cyber risk, we can stay one step ahead of cyber threats. The impetus is there; let’s seize the opportunity to embed cybersecurity as a key element of our industry’s transformation.

For more information on our approach to Product Cybersecurity or to contact our security team, please visit xylem.com/security.