Advisory about Iranian hacktivists (AWWA)

Advisory about Iranian hacktivists (AWWA)

The U.S. Department of Homeland Security (DHS) issued a National Terrorism Advisory System Bulletin on Sunday regarding the heightened threat environment due to the United States’ direct involvement in the ongoing conflict between Israel and Iran.

As mentioned in our June 20 Water Utility Insider, water systems should maintain increased vigilance, as the escalating war between Israel and Iran could expand to target U.S. critical infrastructure through physical and cyber attacks.

“Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks,” DHS warned. “Iran also has a long-standing commitment to target US Government officials it views as responsible for the death of an Iranian military commander killed in January 2020. The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland. Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.”

Water systems and entities supporting water systems are encouraged to maintain vigilance and report suspicious activities and incidents to local law enforcement, their local FBI field office, and local fusion center. Information can also be shared with the WaterISAC by emailing analyst@waterisac.org, calling 866-H2O-ISAC, or using the online incident reporting form.

AWWA’s recently updated resources on cybersecurity provide guidance on best practices that focus utility action on implementing controls that maximize near-term risk reduction to help water systems build their cyber resilience.

AWWA’s cybersecurity guidance and assessment tool are aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and associated standards. Water systems of all types are encouraged to enroll in CISA’s vulnerability scanning service to help identify weaknesses that an attacker may exploit due to devices being publicly accessible via the internet.Additional resources from CISA and EPA can be accessed at www.cisa.gov/water.

Questions can be directed to Kevin Morley, AWWA federal relations manager.