U.S. EPA-WaterISAC Joint Notification on Protecting VSAT Networks and Communications

WaterISAC and the U.S. Environmental Protection Agency (EPA) are notifying water and wastewater systems about the recent cybersecurity advisory from the National Security Agency (NSA) regarding very small aperture terminal (VSAT) networks. A very small aperture terminal (VSAT) is a two-way ground station that transmits and receives data from satellites. VSAT is largely used to monitor and operate remote infrastructure, particularly when other options are not feasible. Per the NSA Cybersecurity Advisory, Protecting VSAT Communications, traffic over these terminals may be targeted by adversaries who wish to disrupt vital communications to critical infrastructure. Likewise, VSAT equipment may be vulnerable to compromise and illicit firmware modification. Water and wastewater systems that use VSAT networks are strongly encouraged to read the NSA Cybersecurity Advisory and follow the recommended best practices, such as encrypting communications, changing any default credentials before use, and keeping all hardware and firmware updated. The Cybersecurity Advisory can be obtained from WaterISAC or the NSA.