U.S. National Security Advisor, Jake Sullivan, and Environmental Protection Agency (EPA) Administrator, Michael Regan, issued a joint letter to governors, warning them about the increasing number of cyberattacks targeting vital water infrastructure across the US.
The letter emphasized the notorious hackers breaching US water systems and the need for governors’ assistance in bolstering the cybersecurity defenses of their respective state’s water systems and ensuring that they can recover from any potential water system breaches.
“Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks,”
“EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems.”
EPA Administrator Michael S. Regan.
With hackers breaching US water, the National Security Council (NSC) and the Environmental Protection Agency (EPA) have extended an invitation to governors to participate in a virtual meeting on March 21.
The purpose of this meeting is to foster stronger collaboration between government entities and water systems.
During the meeting, the establishment of a Water Sector Cybersecurity Task Force will be discussed. This task force will play a crucial role in identifying effective actions and strategies on a national level to mitigate the risks associated with cyber attacks on water systems.
“We’ve worked across government to implement significant cybersecurity standards in our nation’s critical infrastructure, including in the water sector, as we remain vigilant to the risks and costs of cyber threats,”
“We look forward to continuing our partnership with the EPA to bolster the cybersecurity of America’s water and wastewater systems.”
National Security Advisory Jake Sullivan.
Hackers Breaching US Water Infrastructure Multiple Times
Following a series of incidents, the CISA, FBI and the EPA collaborated in February and issued a comprehensive list of defensive measures for the U.S. water sector.
These measures will help mitigate the risks of cyberattacks and enhance the overall resilience of water systems against malicious activities.
Recent events have demonstrated the seriousness of the threat, with both Iranian and Chinese state-backed threat groups successfully targeting and compromising U.S. water systems.
The threat actors affiliated with the IRGC infiltrated a water facility in Pennsylvania, while the Volt Typhoon hackers breached the networks of critical infrastructure organizations, including U.S drinking water systems.
In September, CISA took another initiative by launching a free security scan program.
This program helps critical infrastructure facilities, including water utilities, in identifying and addressing potential security vulnerabilities within their systems.
The U.S. Water and Wastewater Systems (WWS) Sector has experienced numerous breaches over the past decade.
These incidents have involved ransomware, such as Ghost, ZuCaNo, and Makop.
Notable attacks occurred in 2011 at a South Houston wastewater treatment plant, in 2016 at a water company with an outdated software and hardware equipment, in August 2020, and in May 2021 at a Pennsylvania water system.