US Warns States About Rising Cyber Threats to Water Systems

Penka Hristovska
Penka Hristovska Senior Editor
Published on: March 22, 2024
Penka Hristovska Penka Hristovska
Published on: March 22, 2024 Senior Editor

The Biden administration has sent out letters to warn states about cyberattacks against water systems.

“Disabling cyberattacks are striking water and wastewater systems throughout the United States … These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities,” Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan wrote in a letter to governors.

The letter pointed to hackers from Iran’s Islamic Revolutionary Guard Corps that have targeted drinking water systems, and Volt Typhoon, a group sponsored by the People’s Republic of China, that has breached the IT of water systems and other critical infrastructure.

“We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices to identify any significant vulnerabilities, deploy practices and controls to reduce cybersecurity risks where needed, and exercise plans to prepare for, respond to, and recover from a cyber incident,” the letter reads.

Regen and Sullivan highlighted that “even basic cybersecurity precautions” like setting strong passwords and updating software “can mean the difference between business as usual and a disruptive cyberattack.”

The EPA, which is the primary federal agency tasked with making sure the nation’s water sector is protected against all threats and hazards, is creating a task force to pinpoint key vulnerabilities of water systems to cyberattacks, among other matters. The letter also extends an invitation to state homeland security and environmental officials for a meeting focused on enhancing cybersecurity in the water sector.

The water system is a particularly vulnerable component of US infrastructure, plagued with weak controls and staffing shortages. This is mostly because it doesn’t always have the funds to secure the necessary funds and personnel to address hacking threats.

“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” said the letter.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor
Published on: March 22, 2024

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.