{"id":237158,"date":"2026-06-25T11:55:00","date_gmt":"2026-06-25T15:55:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/25\/nist-offers-security-guidance-for-water-utilities-using-remote-access-tools\/"},"modified":"2026-06-25T12:05:29","modified_gmt":"2026-06-25T16:05:29","slug":"nist-offers-security-guidance-for-water-utilities-using-remote-access-tools","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/25\/nist-offers-security-guidance-for-water-utilities-using-remote-access-tools\/","title":{"rendered":"NIST offers security guidance for water utilities using remote-access tools"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/water-utilities-remote-access-nist-guidance\/823776\/\">NIST offers security guidance for water utilities using remote-access tools<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/water-utilities-remote-access-nist-guidance\/823776\/\">https:\/\/www.cybersecuritydive.com\/news\/water-utilities-remote-access-nist-guidance\/823776\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-25 11:55:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Dive Brief:<\/p>\n<p>Water utilities that use remote-access software should carefully restrict access, enforce multifactor authentication (MFA) and maintain comprehensive access logs to help them investigate possible breaches, the National Institute of Standards and Technology (NIST) said in guidance published on Wednesday.<br \/>\nThe secure remote-access guidance, developed through NIST\u2019s National Cybersecurity Center of Excellence (NCCoE), lists security considerations and describes how water utilities can implement remote access through either on-premises or cloud environments.<br \/>\nRemote-access software is one of the water sector\u2019s biggest cybersecurity weaknesses, enabling several Iran-linked cyberattack campaigns against U.S. water systems.<\/p>\n<p>Dive Insight:<br \/>\nNCCoE experts included several example architectures in their guidance document. One illustrates how to set up role-based access controls through the remote-access software TDI ConsoleWorks. Another demonstrates how to use Cisco Duo\u2019s MFA service with the StrongDM access-management platform. A third describes how to use Q-Net Security products to encrypt communications between network devices.<br \/>\n\u201cThe ability to provide secure remote access to the water systems is crucial to the efficient operation of today\u2019s [water systems],\u201d the document says. \u201cEach utility should tailor their cybersecurity practices to address the unique needs of its own organization. The goal is to assist the [water] utilities in ensuring the security and availability of remote access capability so that operations can continue uninterrupted, despite current and evolving threats.\u201d<br \/>\nOne of the document\u2019s most important sections is a list of security considerations for utilities that want to use remote access. Recommendations include employing least-privilege principles, regularly updating remote-access software to the latest version, carefully inventorying remotely accessible systems (which can help organizations quickly locate and disconnect vulnerable devices) and configuring networks with zero-trust architecture, including packet inspection and demilitarized zones.<br \/>\nNIST recommends organizations first consider alternatives to traditional remote access that carry less risk, such as one-way remote-alarming systems that notify employees of the need to take action. \u201cSome facilities may choose to operate on-site only,\u201d the document says, \u201crequiring employees and contractors to come on-site to perform all operational tasks.\u201d<br \/>\nWater utilities face some of the biggest cybersecurity threats, both because they are among the least-protected infrastructure and because their vital services make them high-value targets for nation-state threat actors. Iran-linked hackers have targeted U.S. critical infrastructure with destructive malware during the war in the Middle East, and China\u2019s Volt Typhoon campaign has breached numerous infrastructure operators over the past several years.<br \/>\nAs the threats have grown, the federal government has expanded its scrutiny of water systems\u2019 cybersecurity postures, and volunteer security professionals have deployed across the country to help operators make improvements. But experts say the sector is still woefully unprepared to defend itself.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NIST offers security guidance for water utilities using remote-access tools https:\/\/www.cybersecuritydive.com\/news\/water-utilities-remote-access-nist-guidance\/823776\/ Publish Date: 2026-06-25 11:55:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":237159,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/t5eDjMOweJ2cYF7R7CZlY52Yseu3XVYAdwamFJV9CEg\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMDk5OTMxMjc1LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-237158","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237158"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=237158"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237158\/revisions"}],"predecessor-version":[{"id":237160,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/237158\/revisions\/237160"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/237159"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=237158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=237158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=237158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}