The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Environmental Protection Agency (EPA) have issued an urgent joint advisory warning U.S. critical infrastructure organizations — including water and wastewater systems — of active cyberattacks targeting internet-connected operational technology (OT) devices, specifically Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs).
Water and wastewater operators are strongly urged to take immediate protective steps: limiting PLC exposure to the public internet, ensuring PLCs are set to run mode to block remote modifications, and replacing all default passwords with strong, unique credentials.