Today, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) updated the joint fact sheet Top Cyber Actions for Securing Water Systems. This update includes additional resources—from American Water Works Association, the WaterISAC, and MS-ISAC—to support water systems in defending against from malicious cyber activity.Â

The fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:

Reduce Exposure to the Public-Facing Internet
Conduct Regular Cybersecurity Assessments
Change Default Passwords Immediately
Conduct an Inventory of Operational Technology/Information Technology Assets
Develop and Exercise Cybersecurity Incident Response and Recovery Plans
Backup OT/IT Systems
Reduce Exposure to Vulnerabilities
Conduct Cybersecurity Awareness Training

CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity. Organizations can visit cisa.gov/water for additional sector tools, information, and resources.