EPA, FBI, CISA, NSA Issue Joint Cybersecurity Advisory to Water System Regarding Iranian-Affiliated Cyber Attacks

EPA, FBI, CISA, NSA Issue Joint Cybersecurity Advisory to Water System Regarding Iranian-Affiliated Cyber Attacks

Advisory contains information to promote resilience, ensure safety of Americans drinking water

April 7, 2026

WASHINGTON - U.S. Environmental Protection Agency (EPA), the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) issued a joint advisoryExit EPA's website warning to U.S. organizations, including those in the water sector, for an urgent and ongoing Iranian-affiliated cybersecurity threat. U.S. organizations are experiencing exploitation and, in some cases, disruption of commonly used operational technology at drinking water and wastewater systems that are diligently working to ensure that Americans can rely on clean and safe water.

"Cybersecurity threats are a serious concern for our nation's water infrastructure, including the communities, businesses, hospitals, and other critical infrastructure sectors that rely on these critical lifeline services," said EPA Assistant Administrator for Water Jess Kramer. "Water systems are encouraged to stay informed and work to adopt cybersecurity best practices."

"Cyberattacks on drinking water and wastewater systems directly threaten public health and community resilience. A single breach can disrupt treatment or introduce contaminants, damage equipment, and erode public trust, said EPA Assistant Administrator for Enforcement and Compliance Assurance Jeffrey A. Hall. "EPA enforcement safeguards our nation's critical infrastructure, including water systems, by ensuring compliance with applicable safety, maintenance, resilience, and security requirements and by rapidly correcting vulnerabilities. We also work with our law enforcement partners to disrupt attacks and to hold those responsible accountable. Our national security depends on water systems not only taking security seriously but also immediately reporting any incidents and working with our investigators to address them while protecting the public."

The joint cybersecurity advisoryExit EPA's website includes information to help water systems identify specific vulnerabilities that are being exploited and take concrete steps to strengthen cyber resilience. It also underscores that the water sector remains an attractive target and continues to face threats from groups seeking to disrupt U.S. critical infrastructure. As a result of the recent cybersecurity exploitation, organizations from multiple U.S. critical infrastructure sectors have reported disruptions including configuration wiping, software-based mechanical sensor tampering, and disruption of human machine interfaces (HMIs). This activity has resulted in operational disruption and financial loss.

"The FBI and its partners are issuing this advisory to ensure organizations are best positioned to defend themselves against exploitation by Iran-affiliated cyber actors," said Assistant Director Brett Leatherman of the FBI's Cyber Division. "Our goal is to prevent further operational disruption and financial loss for targets of this threat activity while we work to impose costs on malicious actors-all of which builds upon the new Cyber Strategy for America."

EPA, as the federal lead responsible for enhancing the cybersecurity posture of the water sector, supports water systems utilities in identifying cybersecurity gaps and developing risk mitigation plans to address those gaps by providing free cybersecurity assessments, technical assistance, tools, and training. Importantly, these cybersecurity improvements often entail procedural changes rather than expensive hardware and software upgrades, and therefore even those water systems with limited technical resources have the ability to greatly improve their cyber defenses. These resources, and more, are readily accessible at https://www.epa.gov/cyberwater.

EPA encourages water systems that need technical support or additional information on cybersecurity best practices to use EPA's RealWaterTA resources and submit a request to EPA's Cybersecurity Technical Assistance Program for the Water SectorExit EPA's website.

Organizations are encouraged to report information concerning suspicious or criminal activity to FBI Internet Crime Complaint Center (IC3) at IC3.govExit EPA's website or to CISA via CISA's Incident Reporting SystemExit EPA's website.