EPA Issues Warning About Cyberattacks Against Water Systems

EPA Issues Warning About Cyberattacks Against Water Systems

(USNewsBreak.com) – Criminals have instigated several cyberattacks on high-profile companies over the past several years. Hackers have also turned their attention to infrastructure and utility companies because of the potential to make more of an impact or ransom higher bounties. Now, the federal government is warning that US drinking water could be at increased risk.

EPA Issues Advisory and Enforcement Alert

On Monday, May 20, the Environmental Protection Agency (EPA) warned of an uptick in cyberattacks against US water treatment companies. It also issued an enforcement alert advising water systems, even small ones, to take action to safeguard community drinking supplies and ensure they comply with Section 1433 of the Safe Water Drinking Act (SDWA).

The enforcement alert was part of the EPA’s ongoing efforts to protect Americans. The Department of Homeland Security‚Äôs (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Council led the effort. To ensure compliance, the agency said it planned to increase inspections. If it finds community water systems in violation, they could face potential “civil and criminal enforcement actions.”

Water Systems at Risk?

Within the last year, federal officials found around 70% of the facilities they inspected violated standards. EPA Deputy Administrator Janet McCabe said most facilities could easily prevent these problems by completing “a risk assessment of their vulnerabilities” and informing their employees about the best practices to reduce breaches.

According to McCabe, it’s not just private entities perpetrating the cyberattacks. She pointed to adversarial nations, including Russia, China, and Iran, that are “seeking the capability to disable US critical infrastructure.” Authorities linked Iran to the breach of a Pennsylvania water system, while Russia tried to interfere in China. Additionally, China has sponsored a group known as the Volt Typhoon that has succeeded in compromising many water systems in the US and its territories.

Recommended Actions

The EPA listed a series of steps water systems could take to reduce their vulnerabilities. These include:

  • Reducing their exposure to public internet interfaces
  • Conducting cybersecurity assessments routinely
  • Changing any default passwords
  • Terminating former employees’ system access
  • Developing and testing incident response and recovery plans
  • Backing up internal and external systems
  • Reducing their vulnerability exposure
  • Conducting cybersecurity awareness training for employees

The EPA and National Security Advisor Jake Sullivan recently sent letters to US governors warning them of the risks and encouraging them to cooperate with federal and state partners to boost preparedness. The EPA also plans to establish a task force focused on further reducing the risk of future cyberattacks.

Copyright 2024, USNewsBreak.com