The Environmental Protection Agency has released an enforcement alert, calling on water systems to act immediately to protect the nation’s drinking water from foreign cyberattacks.
The agency announced on Monday that cyberattacks against water utilities nationwide are becoming more frequent and severe.
EPA officials warn that around 70 percent of utilities inspected by federal authorities over the past year have violated standards intended to reduce cyber threats.
With nation-states like Russia and Iran targeting water systems of all sizes, even smaller utilities are being urged to improve their cybersecurity measures.
Water systems typically depend heavily on computer software to manage treatment plants and distribution networks.
According to the EPA alert, cybersecurity measures are lacking, as system operators neglected to change default passwords or restrict system access for former employees.
The agency highlights that a cyberattack on US water systems could lead to damage to pumps and valves, disruptions in water treatment and storage, and changes in chemical levels to hazardous levels.
EPA Deputy Administrator Janet McCabe criticized water providers for their lax maintenance of cybersecurity standards.
“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” McCabe said.
For years, individuals and groups have aimed at water provider networks, frequently launching attacks on websites. Now, attacker are focusing on utilities’ operations, while governments are determined to disrupt the supply of safe water to homes and businesses.
China, Russia and Iran are “actively seeking the capability to disable US critical infrastructure, including water and wastewater,” McCabe said.
“We want to make sure that we get the word out to people that ‘Hey, we are finding a lot of problems here,'” he added.
Back in January, a hack linked to a Russian “hacktivist” group caused a small Texas town’s water system to overflow.
Last year, a group known as “Cyber Av3ngers” reportedly linked to the Iranian Islamic Revolutionary Guard Corps, targeted various organizations, including a small water provider in Pennsylvania.
The attack forced the water provider to switch from remote pumping to manual operations. The hackers aimed at a device manufactured by Israel, which the utility utilized, following the recent conflict between Israel and Hamas.
An estimated 150,000 community water providers serve small towns and cities nationwide.
The White House issued a letter to governors across the US on Monday, cautioning about ongoing “disabling” cyberattacks targeting water systems nationwide.
Both the White House and the EPA have invited state officials for a meeting scheduled for Thursday to discuss enhancing digital defenses for the numerous utilities in operation.
The EPA is also forming a cybersecurity task force focused on the waste sector, with the aim of devising strategies to combat the threat.
The letter also accused the Chinese-sponsored hacking group Volt Typhoon of targeting critical infrastructure sectors, such as drinking water in the U.S., as a prime example of the threat.
Share your thoughts by scrolling down to leave a comment.
