Multiple statements emanated from the White House yesterday regarding evolving intelligence that the Russian government is exploring options for potential cyber attacks and that preparatory actions have been observed against U.S. critical infrastructure. WaterISAC posted and distributed an advisory, Update from the White House – Act Now to Protect Against Potential Cyber Attacks, shortly after the initial White House release. Additionally, the White House statements included a press briefing from Deputy National Security Advisor, Anne Neuberger emphasizing the repeated call-to-action that the federal government began in December 2021 for critical infrastructure owners and operators to be vigilant and protect the services Americans rely on. While there is no evidence of anything specific or certainty that there will be a cyber attack on critical infrastructure, Ms. Neuberger shared that companies who the government thought might be affected received a classified briefing last week. Yesterday’s statements were to provide broader awareness to this evolving information.

Given this dynamic threat landscape, members are highly urged to follow previously shared guidance with particular attention to the actions shared in yesterday’s FACT SHEET: Act Now to Protect Against Potential Cyberattacks distributed by the White House. For more detailed guidance, regularly review CISA’s Shields Up, Shields Up Technical Guidance, and Known Exploited Vulnerabilities Catalog for updates, and previously published WaterISAC and EPA webinars and advisories for cybersecurity measures and relevant resources to protect against Russian state-sponsored cyber activity. Likewise, visit Russia Cyber Threat Overview and Advisories for an overview of CISA's assessments and reports of the Russian government’s malicious cyber activities.

Prior WaterISAC and EPA Advisories and Webinars

• Russian State-Sponsored Actors Combine Exploits to MFA Protocols and a Known Vulnerability
• U.S. EPA-WaterISAC Joint Notification on Protecting VSAT Networks and Communications
• Mandiant-WaterISAC Webinar: Critical Infrastructure Threats from Current Geopolitical Tensions
• U.S. EPA-WaterISAC Advisory on Potential Threat to Critical Infrastructure
• EPA-WaterISAC Webinar: Cybersecurity Recommendations in Consideration Russian State-Sponsored Cyber Operations Against U.S. Critical Infrastructure
• (TLP:AMBER) U.S. EPA-WaterISAC Advisory on Recommendations in Consideration of Russian Cyber Operations
• (TLP:WHITE) Joint Cybersecurity Advisory (AA22-011A) Issued to U.S. Critical Infrastructure for Understanding and Mitigating Russian State-Sponsored Cyber Threats

Incident Reporting
WaterISAC encourages all utilities that have experienced malicious or suspicious activity to email analyst@waterisac.org, call 866-H2O-ISAC, or use the confidential online incident reporting form. Reporting to WaterISAC helps utilities and stakeholders stay aware of the threat environment of the sector.