Experts Warn that Russia May Seek to Hit the Heart of US Water Infrastructure

On February 11, 2022, National Security Advisor Jake Sullivan warned that new Russian forces continue to arrive at the Ukrainian border and that, “we are in the window when an invasion could happen at any time.” The Water Information Sharing & Analysis Center (WaterISAC) and the United States Environmental Protection Agency (USEPA) believe that Russian hackers may target American water utilities. All water and wastewater system owners and operators should read this alert and the attached advisories and adopt the recommended mitigation actions if needed.

WaterISAC will host a webinar Thursday to cover the basics of cybersecurity culture, including aspects of cybersecurity awareness, insider threats, and physical security. National security experts believe that if the U.S. and other countries issue sanctions on Russia, Russia is likely to retaliate with cyber attacks on U.S. infrastructure, including water and wastewater facilities.

Recommendations from AWBD Operators

AWBD Operators, such as Inframark and MDS, have offered steps that water districts should take to protect their water systems:

  • Strong passwords: require strong passwords and force password rotation. Consider length (the longer the better); a mix of letters (upper and lower case), numbers, and symbols; no ties to your personal information; and no dictionary words.
  • Implement Multi-Factor Authentication (MFA) – especially for remote access
  • Ensure systems are updated and secure: update frequently and patch to address known exploits (CISA list of known exploits); use current anti-virus software and solutions.
  • Separate IT networks and OT networks (Information Technology, the use of computer systems in a business environment; Operational Technology, control systems used for monitoring industrial equipment). SCADA (Supervisory Control And Data Acquisition) is considered a potential cyber-attack target, but most water districts DO NOT have SCADA.
  • System awareness – be mindful of systems, both IT and OT, displaying unusual behavior, such as unscheduled reboots. Some operators use special software to monitor potential cyber-attacks and intrusions.
  • Support availability: ensure support for incidents is available. Most attacks occur out of hours or on holidays, so make sure support is on hand to assist with any response.
  • Ensure the system has regular, secure backups of electronic information
  • Manual Operations: Make sure staff know how to operate plants manually if IT/OT systems become unavailable
  • Response Plans: Ensure that response plans are up to date and available, so staff know how to react in the event of an attack and minimize disruption. Have a plan, up to (worst-case scenario) closing the air gap.
  • Advise staff to be vigilant when receiving outside communications: check emails and don’t click links. Attacks can also start via text messages or phone calls with requests to access systems.
  • If in doubt report it to your operator.

AWBD Operators are working to stay up-to-date with the latest cyber security software and protocols. See the two advisories below as they relate to the unfolding events:

Office of Intelligence and Analysis Warning of Potential for Cyber Attacks
USEPA WaterISAC Advisory on Cybersecurity Recommendations