Cybersecurity Advisory for the Water Sector

Attention VA AWWA Members:

The WaterISAC has issued a cybersecurity advisory for the water sector in response to a ransomware attack on a large public water utility. Read the full story for an email from the EPA Water Security Division. This advisory is TLP: Green, meaning that it can be distributed widely within the sector, but cannot be distributed to the public.

Dear Water Sector Coordinating Council and Water Government Coordinating Council:

On October 29, a large water and wastewater utility in the United States was victimized by a cyber ransomware attack. The risk of additional water and wastewater sector facilities being attacked by this threat is high. The WaterISAC has published an Advisory (attached) in response to this incident. The Advisory describes what happened, recommended actions to reduce risk, and additional resources. The WaterISAC has graciously permitted the distribution of this Advisory across the water and wastewater systems sector.

EPA requests that WSCC and GCC associations distribute this Advisory without delay to their membership for their immediate attention. Questions regarding this Advisory may be directed to WaterISAC at analyst.waterisac.org. Cybersecurity incidents should be reported to the DHS Cybersecurity and Infrastructure Security Agency at https://us-cert.cisa.gov/forms/report and WaterISAC.

Best—David

David Travers

Director, Water Security Division

US Environmental Protection Agency

www.epa.gov/waterresilience

Thank you to VDH-ODW for sharing this information with VA AWWA. We hope you find this information beneficial.

Virginia Section American Water Works Association	Social Media	Related Links
PO Box 11992 \| Lynchburg, VA 24506 \| p. 434.386.3190 \| admin@vaawwa.org		vawarn.org
		awwa.org
© 2024 Virginia Section American Water Works Association. All rights reserved.		drinktap.org