The following statement was released by the Office of Water Emergency Response & Cybersecurity at the EPA.
Overview
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Environmental Protection Agency (EPA) are urgently warning U.S. organizations of ongoing cyber exploitation of internet-connected operational technology (OT) devices, including Rockwell Automation/Allen-Bradley-manufactured programmable logic controllers (PLCs), across multiple U.S. critical infrastructure sectors.
Recommended Actions
EPA recommends water and wastewater systems review the tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) in this advisory for indications of current or historical activity on their networks, and apply the recommended immediate steps to prevent the attack:
- Limit PLC exposure to the public-internet
- Ensure PLCs are in run mode to prevent remote modification
- Replace all default passwords on PLCs and OT with strong, unique passwords
Water systems are encouraged to review and implement the additional follow-up steps included in the advisory to further strengthen their cybersecurity posture.
Technical Assistance
If you have questions about any of the information in this alert, including assistance with the mitigation steps, submit a request to EPA’s Cybersecurity Technical Assistance Program for the Water Sector.
Report an Incident
Organizations are encouraged to report information concerning suspicious or criminal activity to FBI Internet Crime Complaint Center (IC3) at IC3.gov or to CISA via CISA’s Incident Reporting System.
For more detailed information, go to IC3.gov.
Tags