US govt shares cyberattack defense tips for water utilities

CISA, the FBI, and the EPA released a fact sheet and incident response guidance urging water and wastewater utilities to implement eight prioritized cyber actions—such as reducing internet exposure of OT devices, enforcing MFA, changing default passwords, inventorying assets, patching known vulnerabilities, backing up systems, and exercising incident response—to reduce risk after a string of ransomware attacks and intrusions (including exploitation of Unitronics PLCs) targeting water infrastructure.