WaterISAC and the U.S. Environmental Protection Agency (EPA), in cooperation with AWWA and other water associations, are advising water and wastewater system owners and operators to take immediate action to mitigate risks presented by pressing cyber threats. The Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) distributed two joint cybersecurity advisories last week. The advisories said owners and operators of critical infrastructure should immediately strengthen their computer network defenses due to persistent cyber threats from sophisticated actors. On Dec. 16, 2021, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and the National Security Agency issued a joint advisory on Russian state-sponsored cyber operations against United States critical infrastructure. It complemented a Dec. 15, 2021 CISA publication - Preparing For and Mitigating Potential Cyber Threats. These advisories asserted that due to persistent cyber-threats from sophisticated actors, including nation-states and their proxies, critical infrastructure owners and operators should take immediate steps to strengthen their computer network defenses. The advisory by WaterISAC and EPA distills key information for the water sector from these recent publications, including commonly observed tactics, techniques, and procedures; detection actions; incident response guidance; and mitigations. It is designed to help water and wastewater system owners and operators reduce the risk presented by these threats and to encourage the adoption of a heightened state of awareness. WaterISAC and EPA, in conjunction with water sector associations, will hold two webinars regarding this joint advisory. Dates and times are: Date 1: Wednesday, December 29, 2021, 2 – 3 p.m. EST. Register: https://attendee.gotowebinar.com/register/8355582904364747792 Date 2: Wednesday, January 5, 2022, 2 – 3 p.m. EST. Register: https://attendee.gotowebinar.com/register/5595566826088940559 AWWA has developed resources to support utility assessment of potential cyber vulnerabilities. AWWA’s Guidance and Assessment Tool generates a list of prioritized cybersecurity controls that is tailored to the users’ operational conditions, which is used to review implementation status and inform cyber risk management actions. The advisories are TLP:AMBER. They are intended only for water and wastewater system owners and operators, along with state, local, tribal, and territorial government officials and private sector organizations that directly support water and wastewater system operations. Questions can be directed to Kevin Morley , AWWA's federal relations manager.