Protecting the Nation’s Water Supply: EPA Urges Action to Combat Cyberattacks

Water Utility Cyberattacks on the Rise, EPA Issues Urgent Alert
By Emily Johnson, Staff Writer

WASHINGTON (AP) — Cyberattacks targeting water utilities across the country are increasing in frequency and severity, prompting the Environmental Protection Agency (EPA) to issue an enforcement alert urging immediate action to safeguard the nation’s drinking water.

According to the EPA, about 70% of water utilities inspected in the past year have failed to meet standards aimed at preventing breaches and intrusions. Even small systems are being urged to enhance their cybersecurity measures in the face of escalating threats. Recent attacks by groups associated with Russia and Iran have specifically targeted smaller communities.

The EPA alert highlighted various shortcomings in water systems, such as using default passwords and failing to revoke system access for former employees. With water utilities heavily reliant on computer software to operate treatment plants and distribution systems, protecting information technology and process controls is essential, the EPA stressed. Potential consequences of cyberattacks include disruptions to water treatment and storage, damage to equipment, and alteration of chemical levels to hazardous levels.

EPA Deputy Administrator Janet McCabe emphasized the importance of conducting risk assessments to identify vulnerabilities, particularly in terms of cybersecurity. She also noted that recent cyberattacks aren’t just limited to private entities but are increasingly linked to geopolitical rivals, posing a serious threat to the uninterrupted supply of safe water to homes and businesses.

McCabe specifically named China, Russia, and Iran as countries actively seeking to disable critical U.S. infrastructure, including water and wastewater systems. Recent incidents involving Iranian and Russian-affiliated groups targeting U.S. utilities underscore the urgent need for enhanced cybersecurity measures.

The alert serves as a reminder of the seriousness of cyber threats and signals that the EPA will continue inspections and pursue penalties for significant vulnerabilities. Despite the relatively low number of successful attacks so far, the EPA’s enforcement actions underscore the pervasive threats faced by water systems.

Preventing cyberattacks on water providers is part of the Biden administration’s broader strategy to protect critical infrastructure. With increasing pressure on utilities to bolster defenses, EPA Administrator Michael Regan and White House National Security Advisor Jake Sullivan have called on states to develop comprehensive plans to combat cyber threats in the water sector.

While larger utilities typically have more resources and expertise to defend against attacks, smaller providers face significant challenges due to limited budgets and staffing. Developing a robust cybersecurity framework requires significant investment and expertise, which many water utilities struggle to attain.

As the threat of cyberattacks on water utilities intensifies, the EPA’s enforcement alert underscores the urgent need for comprehensive cybersecurity measures to safeguard the nation’s drinking water supply.

—
This news article highlights the growing threat of cyberattacks on water utilities and the urgent response needed to protect the nation’s drinking water supply. The EPA’s enforcement alert underscores the need for enhanced cybersecurity measures to counter evolving threats from state-affiliated groups and hacktivists.