Cybersecurity Bulletin: Utah Division of Drinking Water

On March 18, 2024, the White House issued a press release addressed to governors nationwide, alerting them to a critical security threat facing water and wastewater systems in the U.S.. The communication highlighted that water systems, both large and small, are being targeted by foreign entities with malicious intent. The threat actors are actively seeking various avenues to gain unauthorized access to sensitive data files and records.

These attacks pose a significant risk of disrupting the essential services provided by water systems, potentially jeopardizing the supply of clean and safe drinking water. Moreover, they can impose substantial financial costs on affected communities. To raise awareness and understanding of this risk, we are providing descriptions of these threats and to seek your partnership in taking action to safeguard water systems and the communities they serve.

Recent and ongoing threats

IRGC Cyberattacks

Threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) carried out malicious cyberattacks against United States critical infrastructure entities, including drinking water systems. In these attacks, IRGC-affiliated cyber actors targeted and disabled a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password.

More information on these attacks

Volt Typhoon Targeting Critical Infrastructure

The People’s Republic of China (PRC) state-sponsored cyber group known as Volt Typhoon has compromised the information technology of multiple critical infrastructure systems, including drinking water, in the U.S. and its territories. Volt Typhoon’s choice of targets and pattern of behavior are not consistent with traditional cyber espionage. Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts.

More information from CISA

Utah Public Water and Wastewater System Cybersecurity Plan

In response to these escalating threats, the Department of Environmental Quality (DEQ) is creating a Utah Public Water and Wastewater System Cybersecurity Plan. The objective of this plan is to assist all public drinking water and wastewater systems in immediate response, investigation, and isolation of cyberattacks by connecting them with top State and Federal cybersecurity experts and providing technical support during the incident.

Our goal is to promote statewide preparedness and provide support for responding to and recovering from any cyber incidents that may arise.

Public Water System Notification Requirements

If a public water system suspects a cyberattack, it is imperative that they promptly initiate incident response measures. Security failures within water system technology could have cascading impacts across critical infrastructure. Responding immediately and effectively to a cyberattack is essential for minimizing potential damage to water systems.

Per R309-105-18, drinking water systems need to contact the Division of Drinking Water within eight hours if an emergency situation exists. R309-105-18(e) defines a threat or evidence of vandalism or sabotage that may affect the quality of delivered water as an emergency incident. The division will assist the water system with contacting top State and Federal cybersecurity experts for immediate support.


The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) websites offer guidance, tools, training, resources, and technical assistance for water systems.


State of Utah

24/7 Emergency response line (801) 536-4123
Report an incident online

24/7 Emergency response line (801) 560-8456
24/7 Emergency response line (801) 538-3011


24/7 (888) 282-0870

Last Updated:



Back to top