FBI issues cybersecurity outline for water treatment plants

February 17, 2021 GMT

ST. ALBANS, Vt. (AP) — A four-page joint advisory from the FBI, the Cybersecurity and Infrastructure Security Agency, the EPA and Multi-State Center for Internet Security has been circulated among Vermont officials outlining how to avoid cyberattacks.

The document comes two weeks after a cyberattack on a drinking water system that serves 15,000 people outside of Tampa, Florida, was infiltrated. The attackers attempted to increase the amount of lye from 100 parts to 11,000 parts per million.

The document recommends following “Cyber Hygiene” and recommends steps such as keeping software up-to-date, implementing “independent cyber-physical safety systems,” and using randomized alphanumeric passwords, the St. Albans Messenger reported.


St. Albans Public Works Director Martin Manahan says the city is continuously looking for ways to reduce risk.

“We have a very secure cybersecurity system in place that is continually monitored by IT staff. The people using the St. Albans City municipal water system can be very confident that we are constantly monitoring and testing our system to provide safe drinking water throughout our community,” Manahan said.

America’s Water Infrastructure Act of 2018 requires that water treatment systems that service more than 3,300 people “to develop or update risk assessments and emergency response plans.”