Become a Member

Log in

More Resources

Joint Cybersecurity Advisory (TLP:WHITE): Compromise of U.S. Water Treatment Facility

Author: Charles Egli

Created: Thursday, February 11, 2021 - 23:15

Categories: Cybersecurity

Federal government partners have just released a TLP:WHITE* Joint Cybersecurity Advisory on the recent compromise of a U.S. water treatment facility. This product provides a summary of the incident informed by personnel who assisted with the onsite response, threat overviews based on what was observed, and series of recommendations organizations are encouraged to consider to protect themselves against similar activity.

In addition to being posted as a PDF below, the advisory is also available on the Cybersecurity and Infrastructure Security Agency (CISA) website here.

Threat Overviews for Desktop Sharing Software and Windows 7 End of Life

The advisory states cyber actors likely accessed the system by exploiting cybersecurity weaknesses, such as an outdated operating system (Windows 7), and that it is possible a desktop sharing software (TeamViewer) may have been used to gain access to the system. Based on these findings and observations from other activity, the advisory includes threat overviews for desktop sharing software and Windows 7 end of life. These threat overviews discuss how cyber actors have been observed exploiting these systems for malicious activities.

Recommendations, including for Water and Wastewater Systems

The advisory includes a specific recommendations category for water and wastewater systems, which emphasize the importance of installing independent cyber-phyiscal safety systems. As the product notes, these are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor. It observes these types of controls can be of particular benefit to smaller systems, such as the one involved in the recent incident, which may have limited cybersecurity capabilities. The product also includes lists of general recommendations and TeamViewer software recommendations.

* Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. Read more about the TLP, or Traffic Light Protocol, at CISA.

Attached Files:

FBI_CISA_EPA_Joint_CSA-AA21-042A_Compromise_of_US_Water_Treatment_Facility

Related Resources

Tip of the Week – May 14, 2026

May 14, 2026 in Cybersecurity, Security Preparedness
Members Only

(TLP:AMBER+STRICT) Situation Report: Heightened Threat Environment – Potential Retaliation by Iranian Threat Actors Following U.S. Strikes on Iran (Updated May 14, 2026)

May 14, 2026 in Cybersecurity, OT-ICS Security, Physical Security, Security Preparedness

(TLP:CLEAR) Non-Human Identities (NHIs) Are Growing Faster Than Most Security Programs

May 14, 2026 in Cybersecurity, Security Preparedness