US: Cyber Advisory: Feds Warn that Water Facilities Are Targets for Cyber Attacks

US: Cyber Advisory: Feds Warn that Water Facilities Are Targets for Cyber Attacks

By Justine Phillips and Garrett Stallins



On October 14, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations, the Environmental Protection Agency, and the National Security Agency issued a joint advisory warning of active cyber threats to water and wastewater infrastructure in the United States. The advisory follows a string of prominent attacks on water facilities over the past year, including a hack of a water treatment plant in Florida where the attacker tried to elevate chemicals in the water to poison residents. The advisory itself reveals three previously unreported ransomware attacks on water facilities in California, Maine, and Nevada that occurred in 2021. Though federal authorities have often warned critical infrastructure sectors to beware threats from foreign state actors, this advisory largely focuses on ransomware.

Water has become a popular target for threat actors because, like energy, disruption can generate an instant crisis in surrounding communities, making water facilities attractive for criminals seeking to extort ransoms. The advisory highlights common attack vectors and mitigation strategies for spear phishing, outdated or unsupported software, insider threats and remote access vulnerabilities.

How DLA Piper Can Help

Defending your organization from cyber threats involves more than updating your firewall—it requires the right people, processes and technologies. DLA Piper’s Data Protection, Privacy, and Security practice can help you build a resilient security program from the ground up, from working with IT departments to identify vulnerabilities to training executive leadership to respond effectively to cyber incidents. Cybersecurity is more than a regulatory burden, it is a core competence for public and private entities to thrive in a digital world. For more information, please contact the authors or your DLA Piper relationship attorney.