EPA warns of cyberattacks on U.S. community drinking water systems

Over 70% of water systems were found to lack requirements from the Safe Drinking Water Act, making them vulnerable to cybersecurity threats.

EPA warns of cyberattacks on U.S. community drinking water systems
Municipal Water Authority of Aliquippa via AP, File
Remove Ads

The Environmental Protection Agency (EPA) issued an enforcement alert on Monday, warning of cyberattacks targeting community drinking water systems across the United States.

According to the EPA's inspections, more than 70% of water systems are not compliant with Safe Drinking Water Act requirements, leaving some of these systems with critical cybersecurity vulnerabilities.

According to the alert, the agency identified several issues, including default passwords that have not been updated and the use of single logins. The EPA recommended that system operators take various measures to enhance security, such as reducing exposure to public-facing internet, conducting regular cybersecurity assessments, changing default passwords immediately, and conducting an inventory of operational and information assets.

EPA Deputy Administrator Janet McCabe emphasized the importance of completing cybersecurity risk assessments, ensuring the plans are available and informing how water systems operate.

“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” she said, the Associated Press reported

She also warned that China, Russia, and Iran are actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater systems.

Recent incidents have highlighted the growing threat of cyberattacks on water systems. In May 2023, Microsoft reported that state-backed Chinese hackers called Volt Typhoon were targeting U.S. infrastructure systems, including drinking water.

In November 2023, the Municipal Water Authority of Aliquippa revealed that one of their booster stations had been hacked by an Iran-backed cyber-group called Cyber Av3ngers. Last month, a Russian hacktivist group targeted a Texas town's water system, with the city manager reporting 37,000 attempts to log into their firewall in just four days, the Daily Wire reported.

Remove Ads
Remove Ads

Don't Get Censored

Big Tech is censoring us. Sign up so we can always stay in touch.

Remove Ads