O & M Newsletter headerEnviroNews banner: forest stream, lake cottage, landfill construction, autumn field, winter lakefront
*JULY 2025*
In this issue:
* EPA Issues Cyberattack Warning. [ #link_1 ]
________________________________________________________________________
EPA Issues Cyberattack Warning.
The U.S. EPA is issuing this alert to inform water and wastewater system owners and operators of the need for increased vigilance for potential cyber activity in the United States due to the current geopolitical environment. The U.S. Department of Homeland Security (DHS) published a National Terrorism Advisory System Bulletin [ [link removed] ], indicating that low-level cyberattacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian Government may conduct attacks against U.S. networks.
Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) published a fact sheet [ [link removed] ] warning that Iranian-affiliated cyber actors may target U.S. devices and networks for near-term cyber operations.
Iranian-affiliated cyber actors have demonstrated the exploit operational technology [ [link removed] ](OT) devices at U.S. water and wastewater systems [ [link removed] ], forcing many systems to revert to manual operations and resulting in operational impacts.
*Mitigations*
All drinking water and wastewater systems are strongly encouraged to implement the following mitigations immediately to enhance resilience against low-level cyberattacks:
*• Reduce OT Exposure to the Public-Facing Internet*
*• Replace All Default Passwords on OT Devices with Strong, Unique Passwords*
*• Implement Multifactor Authentication for Remote Access to OT Devices*
In addition to these immediate actions, drinking water and wastewater systems are encouraged to adopt the actions outlined in the CISA, EPA, and FBI Top Cyber Actions for Securing Water [ [link removed] ]Systems Fact Sheet [ [link removed] ]to further reduce cyber risk and improve resilience against malicious cyber activity.
*Conclusion*
The U.S. EPA requests that the Water Sector Coordinating Council (WSCC)/Government Coordinating Council (GCC) review this advisory and pass it along to all water & wastewater entities that may be susceptible to this threat. Additionally, we encourage the EPA Regions share the advisory with the state primacy agencies and direct implementation utilities.
Water and wastewater system owners and operators should direct their IT/OT system administrators to review this alert for further use and implementation. If you rely on third party vendors for technology support, then you are encouraged to contact them to confirm their awareness of this threat. Organizations are encouraged to report information concerning suspicious or criminal activity to FBI Internet Crime Complaint Center (IC3) at IC3.gov [ [link removed] ] [ [link removed] ] or to CISA via CISA’s Incident Reporting System [ [link removed] ]. If you have questions about any of the information contained in this document, please contact the Water Infrastructure and Cyber Resilience Division, Cybersecurity Branch at
[email protected].
________________________________________________________________________
________________________________________________________________________
MEDEP Logo [ [link removed] ]
*Maine Department of Environmental Protection
*Manage Subscriber Preferences [ [link removed] ] | Unsubscribe [ [link removed] ] | Help [ [link removed] ] | Contact Us
[ [link removed] ]STAY CONNECTED:
Twitter Logo [ [link removed] ] GovDelivery Envelope [ [link removed] ] Bookmark and Share [ [link removed] ]
[ [link removed] ]
________________________________________________________________________
This email was sent to
[email protected] using GovDelivery Communications Cloud on behalf of: Maine Department of Environmental Protection · 17 State House Station · Augusta, ME 04333 · 207-287-7688 GovDelivery logo [ [link removed] ]
