Inside Cybersecurity

June 25, 2024

Daily News

ONCD’s workforce strategy includes pilot project to bolster water sector cybersecurity

By Charlie Mitchell / August 1, 2023

The cyber workforce strategy unveiled by the Office of the National Cyber Director includes a pilot program to train workers at small water systems on cybersecurity and readiness, to be run by the Cyber Readiness Institute and the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies.

“In August 2023, CRI and CCTI will launch the Phased Critical Infrastructure Pilot: Resiliency for Water Utilities, providing up to 200 small water utilities with basic cybersecurity training and promoting a culture of cyber readiness,” according to a White House fact sheet released Monday.

“Microsoft is sponsoring this initiative to help address the challenge of securing the nation’s water infrastructure from cyber threats,” the White House said. “The pilot is based on the CRI’s Cyber Readiness Program, which is designed to assist small- and medium-sized businesses improve their cybersecurity risk management and their ability to respond and recover from a cybersecurity incident.”

The fact sheet said, “CRI and CCTI will also use the initiative to create a better understanding of the level of cyber readiness across water utilities.”

The pilot program will “target up to 200 small water utilities with training, tools and assessment skills,” according to Mark Montgomery, senior director of CCTI at the Foundation for Defense of Democracies and leader of CSC 2.0, the successor group to the Cyberspace Solarium Commission. “It’s based on a proven Cyber Readiness Program that CRI has developed and championed,” he said.

“We have written for some time that the water sector in the weak link in our national critical infrastructure. It will take numerous efforts like this pilot to move the sector forward. The status quo is failing,” Montgomery told Inside Cybersecurity. The Solarium Commission identified cyber weaknesses in the water sector in its 2020 report and FDD has followed up with recommendations for a collaborative approach to improving security.

Montgomery said CCTI and CRI will work with the Water Information Sharing and Analysis Center and water associations to identify participants for the pilot project.

CRI is led by Karen Evans, a former senior official at the departments of Homeland Security and Energy. The group updated its cyber readiness program in March.

“The Phased Pilot will officially launch in August with approximately 50 utilities who manage water and wastewater infrastructure around the U.S.,” Evans told Inside Cybersecurity. “After the utilities complete phase one of the pilot program, CRI, CCTI, and Microsoft will analyze the results to identify the potential need for additional training resources focused on protecting critical infrastructure operations nationwide.”

“Additionally,” Evans said, “after the initiative expands up to 200 utilities, the final phase will rely on data collected through the CRI program and analyzed by CCTI to produce a report of water utility cyber readiness across different states.”

The “National Cyber Workforce and Education Strategy” was released Monday by ONCD.

Among the numerous pieces of the 57-page document, the strategy says, “Departments and agencies will explore publicly sharing models and resources for teaching foundational cyber skills that are produced through grants and contracts.”

The strategy encourages partnerships among state, local, tribal and territorial governments, industry and non-profit organizations to develop “a non-proprietary, web-based open knowledge network containing resources on foundational cyber skills.” -- Charlie Mitchell (