EPA issues alert warning water utilities to ‘bolster cybersecurity’


Revelation 6:3-4 “when he opened the second seal, I heard the second living creature say, “Come!” 4 And out came another horse, bright red. Its rider was permitted to take peace from the earth, so that people should slay one another, and he was given a great sword.

Important Takeaways:

  • Cyberattacks on U.S. Water Facilities Are Increasing. Why?
  • The Environmental Protection Agency (EPA) issued a critical enforcement alert on Monday, warning water utilities nationwide to bolster cybersecurity measures immediately due to an increase in the frequency and severity of cyberattacks. According to the EPA, 70 percent of inspected water utilities violated standards designed to prevent security breaches, highlighting the urgent need for improved defenses. The alert comes as smaller communities become prime targets for attacks by groups linked to hostile actors in Russia, Iran, and China.
  • In recent assessments, federal officials found water systems failing to implement basic security protocols, such as changing default passwords and revoking access from former employees. With many utilities relying heavily on computer software for operations, the EPA emphasized the importance of safeguarding both information technology and process controls to ensure uninterrupted water supply and safety.
  • “In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” said EPA Deputy Administrator Janet McCabe. She added: “China, Russia, and Iran are actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater systems.”
  • Recent incidents include the Iranian-affiliated Cyber Av3ngers hacking a small Pennsylvania town’s water utility and a Russian-linked group targeting Texas utilities. In the past, most cyber attacks on utilities have been spearheaded by private actors looking to ransom back access to the owners in the hopes of receiving a cash payment. However, hostile state-aligned actors have also stepped up attacks in recent years. U.S. officials have acknowledged that ‘Volt Typhoon,’ a Chinese-affiliated cyber group, has carried out multiple attacks on U.S. infrastructure.

Read the original article by clicking here.