On 14 August 2025, the Cybersecurity and Infrastructure Security Agency issued 32 advisories highlighting weaknesses found in industrial control systems commonly used by water and wastewater utilities. These advisories emphasize the risks associated with leaving digital equipment, such as programmable logic controllers and monitoring devices, unpatched or exposed to the internet.
One of the most critical alerts focused on vulnerabilities related to Rockwell Automation’s Micro800 controllers, which are frequently used in smaller treatment facilities and pump stations. If these systems are not updated, unauthorized individuals could disrupt operations. Although Rockwell has committed to releasing firmware fixes by September 2025, the Cybersecurity and Infrastructure Security Agency is urging utilities to take immediate action by restricting remote access and improving network segmentation.
The advisories reinforce the importance of regular cybersecurity updates for effective risk management. These risks are especially significant for human-machine interfaces that manage physical assets impacting public health, such as treatment plants and pump stations.
