Today, CISA and the Environmental Protection Agency (EPA) released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces (HMIs) and securing them against malicious cyber activity.
HMIs enable operational technology owners and operators to read supervisory control and data acquisition systems connected to programmable logic controllers. Threat actors can exploit exposed HMIs at WWS Sector utilities without cybersecurity controls, resulting in operational impacts and forcing victims to revert to manual operations (see Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity).
EPA and CISA strongly encourage WWS Sector organizations review and implement the mitigations in this fact sheet to harden remote access to HMIs. Visit our Water and Wastewater Systems page for additional resources to help protect the WWS Sector.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…
Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat,…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of…
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated public version of the…
This website uses cookies.