NMED News:

The U.S. EPA is issuing this alert to inform water and wastewater system owners and operators of the need for increased vigilance for potential cyber activity in the United States due to the current geopolitical environment. The U.S. Department of Homeland Security (DHS) published a National Terrorism Advisory System Bulletin, indicating that low-level cyberattacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian Government may conduct attacks against U.S. networks. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) published a fact sheet warning that Iranian-affiliated cyber actors may target U.S. devices and networks for near-term cyber operations.

Iranian-affiliated cyber actors have demonstrated the ability to exploit operational technology (OT) devices at U.S. water and wastewater systems, forcing many systems to revert to manual operations and resulting in operational impacts.

Mitigations

All drinking water and wastewater systems are strongly encouraged to implement the following mitigations immediately to enhance resilience against low-level cyberattacks:

• Reduce OT Exposure to the Public-Facing Internet
• Replace All Default Passwords on OT Devices with Strong, Unique Passwords
• Implement Multifactor Authentication for Remote Access to OT Devices

In addition to these immediate actions, drinking water and wastewater systems are encouraged to adopt the actions outlined in the CISA, EPA, and FBI Top Cyber Actions for Securing Water Systems Fact Sheet to further reduce cyber risk and improve resilience against malicious cyber activity.

Conclusion

Water and wastewater system owners and operators should direct their IT/OT system administrators to review this alert for further use and implementation. If you rely on third party vendors for technology support, then you are encouraged to contact them to confirm their awareness of this threat.

Organizations are encouraged to report information concerning suspicious or criminal activity to FBI Internet Crime Complaint Center (IC3) at https://www.ic3.gov/ or to CISA via CISA’s Incident Reporting System. If you have questions about any of the information contained in this document, please contact the Water Infrastructure and Cyber Resilience Division, Cybersecurity Branch at watercyberta@epa.gov.