
TLP:WHITE Joint Advisory Regarding Ongoing Cyber Threats to U.S. Water and Wastewater Systems


Created: Thursday, October 14, 2021 - 14:26
Cybersecurity, OT-ICS Security, Security Preparedness

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) released a joint advisory (AA21-287A) today highlighting malicious cyber activity targeting the U.S. water and wastewater sector. The advisory captures threat activity against information technology (IT) and operational technology (OT) networks, systems, and devices. WaterISAC collaborated on the advisory. The advisory is not meant to indicate an increase in malicious activity; it highlights consistent activity observed against water and wastewater sector entities over the last several years. Accordingly, although cyber threats across critical infrastructure sectors are increasing, this advisory does not intend to indicate greater targeting of the water and wastewater sector versus other sectors.

The joint advisory highlights known intrusions and threats from insiders, ransomware, and remote access and uses the MITRE ATT&CK® framework to help utilities better understand and categorize adversary actions. The advisory contains recommended mitigations, including immediate actions water and wastewater utilities can take now to protect against malicious cyber activity – many recommendations can be found in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities (also referenced in the joint advisory). Most importantly, it is recommended that water and wastewater facilities use a risk-informed analysis to determine the applicability of a range of technical and nontechnical mitigations to detect, respond to, and reduce the risk from cyber threats. Members are encouraged to read the joint advisory at CISA or the attachment below.

For additional resources, please visit the CISA National Critical Functions - Supply Water and Manage Wastewater webpage which includes an announcement regarding this Joint Advisory along with additional resources – including two informative infographics – for Cyber Risks and Resources for the Water and Wastewater Sector.

To report suspicious or criminal activity related to information found in this advisory, contact your local FBI field office at, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at

WaterISAC Incident Reporting
Additionally, WaterISAC encourages any members who have experienced malicious or suspicious activity to email, call 866-H2O-ISAC, or use the online incident reporting form.