The Electricity Information Sharing and Analysis Center’s (E-ISAC) Long-Term Strategic Plan has three primary focus areas—Engagement, Information Sharing, and Analysis—and embraces the following ongoing needs: review priorities under each focus area, ensure alignment between priorities, optimize resource allocation, and develop, refine, and track metrics to measure progress.
In 2019, the E-ISAC took steps to improve the efficiency of operations and prioritize higher impact activities. The E-ISAC strengthened its leadership and security operations and reorganized to align and optimize cyber and physical security teams as part of an integrated watch operations team. The E-ISAC also focused on developing Portal postings and products that offer greater context and more actionable information. In addition, the E-ISAC created a performance management group to oversee the implementation of process improvements, technology, and metrics to improve the quality, timeliness, and value of information sharing, data management, and analysis.
This plan provides updates to reflect those improvements and identifies near- and long-term focus areas.
On February 11th, 2021, a join cybersecurity advisory, which was co-authored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on the recent compromise of a U.S. water treatment facility, was released.
The E-ISAC is re-sharing that advisory for your situational awareness:
On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cyber-security weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI).
For more information, please see the full document attached to this bulletin.
On August 10-14, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) conducted Cyber Storm 2020 (CS 2020), the seventh iteration of the national capstone cyber exercise that brings together the public and private sectors to simulate response to a cyber crisis impacting the Nation’s critical infrastructure.
Cyber Storm exercises are part of CISA’s ongoing efforts to assess and strengthen cyber preparedness and examine incident response processes. The exercise findings contribute to safeguarding the Nation’s security and cyber infrastructure by identifying ways to strengthen coordinated incident response along the whole-of-Nation approach outlined in the National Cyber Incident Response Plan (NCIRP).
CISA sponsors the exercise series to improve capabilities of the cyber incident response community, encourage the advancement of public-private partnerships within the critical infrastructure sectors, and strengthen the relationship between the Federal Government and its government partners at the state, local, and international levels.