"Small Utilities, Hospitals Struggle With Newer Cyber Threats"

According to government officials, small electric utilities, wastewater facilities, and hospitals struggle to defend their organizations against new cyber threats due to limited resources. David Travers, head of the Environmental Protection Agency's (EPA) Water Infrastructure and Cyber Resilience Division, emphasized that about 100,000 drinking water systems and 16,000 wastewater systems serve the US and its territories, with customer bases ranging from over 8 million to less than 500 people. The most significant cyber risk in the water industry is the failure of many utilities to adopt best practices. Travers added that this critical vulnerability is evident from a recent industry survey, which revealed that most utilities had not taken key steps to protect their operations. Cyber incidents at water systems have also exploited the failure to implement cybersecurity best practices. Hundreds of smaller water and wastewater systems have received individualized technical assistance from the EPA, and subject matter experts have identified gaps in cybersecurity best practices and implemented remediation actions tailored to the utility entities' resources and objectives. The agency announced in March that it will incorporate cybersecurity into periodic safety assessments. According to Brian Mazanec of the Department of Health and Human Services (HHS), the department has developed different sets of industry best practices for small, medium, and large hospital systems, with resources that small hospitals can use as-is. This article continues to discuss cybersecurity challenges faced by small utilities and hospitals as well as efforts to help them. 

GovInfoSecurity reports "Small Utilities, Hospitals Struggle With Newer Cyber Threats"