FBI - WARN OF CYBER THREATS TO WATER & WASTEWATER SYSTEMS

The advisory provides a threats overview, which includes spear phishing personnel to deliver malicious payloads, including ransomware.

A coalition of federal agencies warned that hackers are targeting the water and wastewater treatment sectors.

In a joint advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the U.S. EPA, and the National Security Agency (NSA), these organizations highlighted ongoing malicious cyber activity. This cyber activity is by both known and unknown actors and targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of the U.S. Water and Wastewater Systems (WWS) Sector facilities.

“This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities,” stated the advisory. “Note: although cyber threats across critical infrastructure sectors are increasing, this advisory does not intend to indicate greater targeting of the WWS Sector versus others.”

The advisory provides a threats overview, which includes spear phishing personnel to deliver malicious payloads, including ransomware. Other threats include insider threats from current or former employees who maintain improperly active credentials.

The joint advisory lists cyber intrusions from 2019 to early 2021 including:

Mitigations for the cyber threats recommended include: wastewater monitoring; remote access mitigations; network mitigations; planning and operational mitigations; and safety system mitigations.