FACT SHEET

Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems

Publish Date
Related topics:
Cybersecurity Best Practices, Critical Infrastructure Security and Resilience, Industrial Control System Vulnerabilities

This joint fact sheet, created in collaboration with the Environmental Protection Agency (EPA), supplies Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces (HMIs) and securing them against malicious cyber activity.

In the absence of cybersecurity controls, threat actors can exploit exposed HMIs at WWS Sector utilities to view the contents of the HMI, make unauthorized changes, and potentially disrupt the facility’s water and/or wastewater treatment process. CISA strongly encourages WWS Sector organizations review and implement the mitigations in this fact sheet to harden remote access to HMIs.

Please share your thoughts with us via our anonymous product survey; we welcome your feedback.

Resource Materials

Resource Name File Type File Size Language
Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems - 508c PDF, 419.22 KB 419.22 KB English
Printer Friendly Version

Tags

Audience: Industry
Sector: Water and Wastewater Systems
Topics: Critical Infrastructure Security and Resilience, Cybersecurity Best Practices, Incident Detection, Response, and Prevention, Industrial Control System Vulnerabilities, Industrial Control Systems

Related Resources