Important Message from IDEM for Indiana Drinking Water, Wastewater Operators and Cybersecurity Contacts

Attention Indiana Drinking Water and Wastewater Operators and Cybersecurity Contacts 

As many of you may have seen on recent news reports, water sector utilities in several states and European countries have been targeted by cyber-attacks believed to originate in Russia.  These instances seem to be an organized effort targeting internet facing devices that are unsecured, or poorly secured using default or overly simplistic password protocols.  IDEM is providing the guidance below from WaterISAC to help mitigate utility exposure from internet facing devices:

WaterISAC Mitigation Guidance

While specific details are limited at this time, it is believed that the threat actors are likely exploiting poorly secured internet-facing devices that are enabling them to gain initial access and eventual access to the SCADA systems. Members are encouraged to secure or isolate internet-facing devices to reduce the risk of similar attacks, specifically:

1. Reduce Exposure to the Public-Facing Internet. OT devices such as controllers and remote terminal units (RTUs) are easy targets for cyberattacks when connected to the internet.
2. Change Default Passwords Immediately. Require unique, strong, and complex passwords for all water systems, including connected infrastructure.
3. Conduct an Inventory of OT/IT Assets. Create an inventory of software and hardware assets to help understand what you need to protect. Focus initial efforts on internet-connected devices and devices where manual operations are not possible. Use monitoring to identify the devices communicating on your network.

As appropriate, it may be necessary for utilities to contact service providers, such as SCADA integrators, etc. for assistance.

For more information on actions and incident response, members are encouraged to reference:

• Top Cyber Actions for Securing Water Systems
• Water and Wastewater Sector - Incident Response Guide
• CISA's Free Cyber Vulnerability Scanning for Water Utilities

If your utility experiences any cyber-attack or suspicious activity, please report it immediately.  You can contact the FBI Cyber Watch at 855-292-3937, CISA at 888-282-0870, or IDEM’s Drinking Water Branch for assistance with notifications and requesting support.

If you have any questions about this IDEM notice, do not hesitate to contact Travis Goodwin at 317-775-5473 or by email at: Tgoodwin1@idem.IN.gov.