Current:Home > reviewsEPA urges water utilities to protect nation's drinking water amid heightened cyberattacks -GrowthProspect
EPA urges water utilities to protect nation's drinking water amid heightened cyberattacks
View
Date:2025-04-12 05:37:02
Cyberattacks targeting water utilities across the country have increased in frequency and severity, the U.S. Environmental Protection Agency warned Monday as it urged community water systems to take immediate steps to reduce cybersecurity vulnerabilities and protect the nation's public drinking water supplies.
The EPA has issued an enforcement alert detailing "urgent cybersecurity threats and vulnerabilities" to community drinking water systems, the agency said in a news release Monday. A majority of water systems — over 70% — inspected by the EPA since last September violated standards in the Safe Drinking Water Act, according to the alert.
The Safe Drinking Water Act was established to protect public health by regulating public drinking water supplies in the country, according to the EPA. Among those inspected, the agency identified "alarming" cybersecurity vulnerabilities in some water systems.
The agency found that some water systems failed to change default passwords and cut off access to former employees in addition to only using single logins for all staff that can be compromised, the alert said. Although many of the EPA's requirements to protect water systems are "basic cyber hygiene practices," the agency said potential cyberattacks can cause significant impacts on both water utilities and consumers.
The EPA also recommended that small water systems improve protections against cybersecurity threats, noting that disruptive cyberattacks have impacted water systems of all sizes. Recent cyberattacks by organizations affiliated with Russia and Iran have targeted utilities in Pennsylvania and Texas.
"Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks," EPA Deputy Administrator Janet McCabe said in a statement. "EPA’s new enforcement alert is the latest step that the Biden-Harris Administration is taking to ensure communities understand the urgency and severity of cyberattacks and water systems are ready to address these serious threats to our nation’s public health."
Is yours on our map?70 million Americans drink water from systems reporting PFAS to EPA.
Cyberattacks can disrupt 'critical lifeline of clean and safe drinking water'
According to the EPA, the new alert is part of a government-wide effort led by the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. "EPA is issuing this alert because threats to, and attacks on, the nation’s water system have increased in frequency and severity to a point where additional action is critical," the agency said.
Because water systems often depend on computer software to operate treatment plants and distribution systems, the EPA said protecting information technology and process control systems is essential. The agency added that implementing basic cyber hygiene practices can help utilities prevent, detect, respond to, and recover from cyberattacks.
Cyberattacks have the "potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities," according to the EPA. Possible impacts of cyber incidents include disruptions of water treatment, distribution, and storage; damage to pumps and valves; and altered chemical levels to hazardous amounts, the agency said in its alert.
In March, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan sent a letter to all 50 U.S. governors asking states to develop a plan to secure water systems against cyber threats. The request was followed by a meeting in which the National Security Council urged states to present its plans by late June, according to the EPA.
"Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices," Regan and Sullivan said in the letter.
Dangers of cybersecurity threats in the U.S.
The new EPA alert sheds light on a growing threat in the United States with federal authorities expressing increasing concerns over public utilities and infrastructure being targeted by foreign cyberattacks.
Federal agencies have issued numerous advisories for cyberattacks against water and wastewater systems by foreign groups, including the Iranian Government Islamic Revolutionary Guard Corps, Russia state-sponsored actors, and China state-sponsored cyber actors, according to the EPA.
Last November, an Iranian-linked cyber group, Cyber Av3ngers, hacked into water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure — and one that includes technology manufactured in Israel. Federal authorities said the group was looking to disrupt Israeli-made technology in the United States.
Earlier this year, a Russian-linked hacking group was tied to a cyberattack that caused a water system in the small town of Muleshoe, Texas, to overflow, CNN reported. Town officials told CNN that the incident coincided with at least two other north Texas towns detecting suspicious cyber activity on their networks.
In both incidents in Pennsylvania and Texas, authorities said officials switched to manual operations.
Microsoft revealed last May that a cyber group with ties to China, known as Volt Typhoon, was targeting critical infrastructure organizations in the United States. In February, several federal agencies said Volt Typhoon compromised multiple infrastructure organizations in the communications, energy, transportation, and water sectors.
"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the company said in a blog post.
Cyberattacks have also disrupted insurance companies and hospital systems in several states in recent years.
Contributing: Claire Thornton, USA TODAY
veryGood! (9)
Related
- Travis Hunter, the 2
- Last call: New York City bids an official farewell to its last public pay phone
- A Spotify publisher was down Monday night. The culprit? A lapsed security certificate
- We're Gonna Need a Shot After Pedro Pascal Reacted to His Viral Starbucks Order
- 'No Good Deed': Who's the killer in the Netflix comedy? And will there be a Season 2?
- Authorities in China question staff at U.S. consulting firm Bain & Company in Shanghai
- U.S. accuses notorious Mexican cartel of targeting Americans in timeshare fraud
- Elon Musk says doubt about spam accounts could doom Twitter deal
- Behind on your annual reading goal? Books under 200 pages to read before 2024 ends
- Taliban kills ISIS-K leader behind 2021 Afghanistan airport attack that left 13 Americans dead, U.S. officials say
Ranking
- Apple iOS 18.2: What to know about top features, including Genmoji, AI updates
- Why Taylor Swift's Red Lipstick Era Almost Didn't Happen
- Coronation Chair renovated and ready for King Charles III after 700 years of service
- It's Been A Minute: Digital Privacy In A Possible Post-Roe World
- 'We're reborn!' Gazans express joy at returning home to north
- Hal Walker: The Man Who Shot The Moon
- U.S. targets Iran and Russia with new sanctions over hostages, wrongfully detained Americans
- Adam Brody Would Do a Revival of The O.C. Under One Condition
Recommendation
Elon Musk's skyrocketing net worth: He's the first person with over $400 billion
Taylor Swift Dropping 4 Previously Unreleased Songs in Honor of The Eras Tour Kickoff
This Affordable Amazon Blouse With 10,500+ Five-Star Reviews Is Perfect for Spring
Transcript: Rep. Nancy Mace on Face the Nation, April 30, 2023
The Daily Money: Spending more on holiday travel?
Great British Baking Show Reveals Matt Lucas' Replacement as Host
An appeals court finds Florida's social media law unconstitutional
Suspected American fugitive who allegedly faked death insists he is Irish orphan in bizarre interview