The Cybersecurity and Infrastructure Security Agency (CISA) sent the following cybersecurity advisory about malicious activity by a People’s Republic of China (PRC) cyber actor known as Volt Typhoon: “CISA and its U.S. government partners have confirmed that this group of PRC state-sponsored cyber actors has compromised entities across multiple critical infrastructure sectors, including communications, energy, transportation, and water and wastewater, in the United States and its territories. The data and information CISA and its U.S. government partners have gathered strongly suggest the PRC is positioning itself to launch destructive cyberattacks that would jeopardize the physical safety of Americans and impede military readiness in the event of a major crisis or conflict with the United States. “In addition to the joint Cybersecurity Advisory, CISA and our partners also released complementary Joint Guidance to help all organizations effectively hunt for and detect the sophisticated types of techniques used by actors such as Volt Typhoon, known as “living off the land.” In recent years, the U.S. has seen a strategic shift in PRC cyber threat activity from a focus on espionage to pre-positioning for possible disruptive cyberattacks against U.S. critical infrastructure. By using “living off the land” techniques, PRC cyber actors blend in with normal system and network activities, avoid identification by network defenses, and limit the amount of activity that is captured in common logging configurations. “Today’s joint CSA is based primarily on technical insights gleaned from CISA and industry response activities at victim organizations within the United States, primarily in communications, energy, transportation, and water and wastewater sectors. Our complementary Joint Guidance is derived from those insights as well as previously published products, red team assessments, and industry partners. “For more information, visit People's Republic of China Cyber Threat .” AWWA’s resources for cybersecurity , including those for small systems , provide guidance on best practices and training opportunities to help water systems actively engage and implement a cybersecurity risk management strategy. AWWA has developed essential planning resources to support water sector cyber resilience based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and associated standards. The resources are designed to help a utility assess potential exposure to cyber risks, set priorities, and execute a proactive cybersecurity strategy. Water systems of all types are encouraged to also enroll in CISA’s vulnerability scanning service to help a utility identify weaknesses that could be exploited by an attacker, essentially a review of what a bad actor sees when virtually probing a network. The AWWA resources include: Water Sector Cybersecurity Risk Management Guidance : Practical, step-by-step guidance from AWWA for protecting process control systems used by the water sector from cyberattacks. Following this guidance saves time and yields more comprehensive, accurate and actionable recommendations from the Assessment Tool. Assessment Tool : This interactive tool asks utilities to examine how they are using various technologies. Based on responses, the tool generates a customized, prioritized list of controls most applicable to the utility’s technology applications. Utilities can use this output to determine the implementation status of critical controls designed to mitigate cybersecurity vulnerabilities. AWWA website login is required for access. Small Systems Guidance : A getting-started guide to help small and rural utilities improve cybersecurity practices. This resource is targeted for water utilities serving fewer than 10,000 people, and especially those serving fewer than 3,300 people, and follows the Water Sector Cybersecurity Risk Management Guidance. Questions can be directed to Kevin Morley , AWWA federal relations manager.