On March 18, 2024, the White House issued a press release addressed to governors nationwide, alerting them to a critical security threat facing water and wastewater systems in the U.S. The communication highlighted that water systems, both large and small, are being targeted by foreign entities with malicious intent. The threat actors are actively seeking various avenues to gain unauthorized access to sensitive data files and records.
These attacks pose a significant risk of disrupting the essential services provided by water systems, potentially jeopardizing the supply of clean and safe drinking water. Moreover, they can impose substantial financial costs on affected communities. To raise awareness and understanding of this risk, we are providing descriptions of these threats and seeking your partnership in taking action to safeguard water systems and the communities they serve.
Recent and ongoing threats
IRGC Cyberattacks
Threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) carried out malicious cyberattacks against United States critical infrastructure entities, including drinking water systems. In these attacks, IRGC-affiliated cyber actors targeted and disabled a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password.
Volt Typhoon Targeting Critical Infrastructure
The People’s Republic of China (PRC) state-sponsored cyber group known as Volt Typhoon has compromised the information technology of multiple critical infrastructure systems, including drinking water, in the U.S. and its territories. Volt Typhoon’s choice of targets and pattern of behavior are not consistent with traditional cyber espionage. Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts.
Utah Public Water and Wastewater System Cybersecurity Plan
In response to these escalating threats, the Department of Environmental Quality (DEQ) is creating a Utah Public Water and Wastewater System Cybersecurity Plan. The objective of this plan is to assist all public drinking water and wastewater systems in immediate response, investigation, and isolation of cyberattacks by connecting them with top State and Federal cybersecurity experts and providing technical support during the incident.
Our goal is to promote statewide preparedness and provide support for responding to and recovering from any cyber incidents that may arise.
Public Water System Notification Requirements
If a public water system suspects a cyberattack, it is imperative that they promptly initiate incident response measures. Security failures within water system technology could have cascading impacts across critical infrastructure. Responding immediately and effectively to a cyberattack is essential for minimizing potential damage to water systems.
Division of Drinking Water 24/7 Emergency Response (801) 560-8456
Per R309-105-18, drinking water systems need to contact the Division of Drinking Water within eight hours if an emergency situation exists. R309-105-18(e) defines a threat or evidence of vandalism or sabotage that may affect the quality of delivered water as an emergency incident. The division will assist the water system with contacting top State and Federal cybersecurity experts for immediate support.
Resources
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) websites offer guidance, tools, training, resources, and technical assistance for water systems.
EPA
Environmental Protection Agency
CISA
Cybersecurity & Infrastructure Security Agency
NIST
National Institute of Standards and Technology
AWWA
American Water Works Association
- Cybersecurity and Guidance, including small system guidance
Contacts
State of Utah
Department of Environmental Quality (DEQ)
24/7 Emergency response line (801) 536-4123
Report an incident online
Division of Drinking Water (DDW)
24/7 Emergency response line (801) 560-8456
Utah Division of Technology Services (DTS)
DTS-SOC@utah.gov
24/7 Emergency response line (801) 538-3011
Other
Cybersecurity & Infrastructure Security Agency (CISA), U.S. Dept. of Homeland Security
24/7 report@cisa.gov
24/7 (888) 282-0870