Joint Advisory Warns of Ongoing Cyber Threats to Water and Wastewater Systems

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Environmental Protection Agency (EPA) yesterday published a joint advisory (AA21-287A) warning of “ongoing malicious activity—by both known and unknown actors” directed against water and wastewater treatment facilities. It emphasizes the threat of spearphishing as well as exploitation of outdated operating systems and vulnerable control system firmware. The intent of the advisory is not indicative of increased malicious activity, but only highlights consistent activity observed against water and wastewater sector entities over the last several years.

The advisory contains recommended mitigations, including immediate actions water and wastewater utilities can take now to protect against malicious cyber activity.

For additional resources, please visit the National Critical Functions Supply Water and Manage Wastewater webpage, which includes an announcement regarding this Joint Advisory along with additional resources – including two informative infographics – for Cyber Risks and Resources for the Water and Wastewater Sector.