Federal law enforcement agencies on Thursday warned of a potential cyberthreat to water and wastewater systems.
An alert sent by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) warns that phishing campaigns, targeting outdated software and exploiting control systems could all be in play.
They outline some attacks on water systems, such as the August 2021 attack on a California wastewater system.
"The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message," the alert says.
Eric Goldstein, Executive Assistant Director for Cybersecurity, warned that these ransomware battles aren't won on the day of the attack.
"Recent ransomware incidents and ongoing threats demonstrate why all critical infrastructure owners and operators should make cybersecurity a top priority," he said. "While vulnerabilities within the Water Sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment."