WaterISAC and the USEPA are alerting the water and wastewater systems sector to new information regarding a potential cyber threat to United States critical infrastructure. All water and wastewater system owners and operators should read this alert and the attached advisories* and adopt the recommended mitigation actions if needed.
On February 11, 2022, National Security Advisor Jake Sullivan stated that new Russian forces continue to arrive at the Ukrainian border and that, “we are in the window when an invasion could happen at any time.” If Russia takes military action against Ukraine, the response by the United States, “would include severe economic sanctions with similar actions taken by the European Union, the United Kingdom, Canada and other countries.”
In an Intelligence Brief issued on January 23, 2022, the Department of Homeland Security (DHS) stated, “We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security. Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of- service to destructive attacks targeting critical infrastructure.” See attached DHS Office of Intelligence and Analysis, Intelligence in Brief, Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine (DHS-IA-IB-2022-00927).
Due to these current events, WaterISAC and the USEPA strongly encourage water and wastewater system owners and operators to maintain a heightened awareness for possible intrusions into their operational networks and to prepare to maintain critical operations if process control networks are disabled. Review the December 20, 2021, Advisory from WaterISAC and USEPA for tactics, techniques, and procedures used by Russian and Russian state-sponsored proxies and, where necessary, adopt the recommended mitigation actions to reduce risk from and build resilience to potential attacks. (See attached USEPA-WaterISAC Advisory, Cybersecurity Recommendations in Consideration of the CISA/FBI/NSA Advisory on Russian State-Sponsored Cyber Operations Against U.S. Critical Infrastructure).
The USEPA and WaterISAC delivered a webinar recently to provide additional information on the Cybersecurity Recommendations Advisory that is located at the following link: https://www.waterisac.org/portal/dec21-jan22-epa-waterisac-webinars.
To access the webinar recording, login to your WaterISAC account. If you are not a member, please request a free trial membership at https://www.waterisac.org/.
- (U–FOUO) IIB – Warning of Potential for Cyber Attacks Targeting 01232022 (004)
- USEPA-WaterISAC Advisory on Cybersecurity Recommendations_Dec_2021
Patti Kay Wisniewski, Drinking Water Security/Preparedness/Resilience Coordinator
USEPA Region 3