WASHINGTON (AP) — Cyberattacks against water utilities across the country are becoming more frequent and more severe, the Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to take immediate actions to protect the nation’s drinking water.
About 70% of utilities inspected by federal officials over the last year violated standards meant to prevent breaches or other intrusions, the agency said. Officials urged even small water systems to improve protections against hacks. Recent cyberattacks by groups affiliated with Russia and Iran have targeted smaller communities.
Some water systems are falling short in basic ways, the alert said, including failure to change default passwords or cut off system access to former employees. Because water utilities often rely on computer software to operate treatment plants and distribution systems, protecting information technology and process controls is crucial, the EPA said. Possible impacts of cyberattacks include interruptions to water treatment and storage; damage to pumps and valves; and alteration of chemical levels to hazardous amounts, the agency said.
Get prepared for power outages and grid down events at Packing Heat.Co
“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” said EPA Deputy Administrator Janet McCabe.
Attempts by private groups or individuals to get into a water provider’s network and take down or deface websites aren’t new. More recently, however, attackers haven’t just gone after websites, they’ve targeted utilities’ operations instead.
Recent attacks are not just by private entities. Some recent hacks of water utilities are linked to geopolitical rivals, and could lead to the disruption of the supply of safe water to homes and businesses.
McCabe named China, Russia and Iran as the countries that are “actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater.”
Late last year, an Iranian-linked group called “Cyber Av3ngers” targeted multiple organizations including a small Pennsylvania town’s water provider, forcing it to switch from a remote pump to manual operations. They were going after an Israeli-made device used by the utility in the wake of Israel’s war against Hamas.
Earlier this year, a Russian-linked “hacktivist” tried to disrupt operations at several Texas utilities.
A cyber group linked to China and known as Volt Typhoon has compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories, U.S. officials said. Cybersecurity experts believe the China-aligned group is positioning itself for potential cyberattacks in the event of armed conflict or rising geopolitical tensions.
“By working behind the scenes with these hacktivist groups, now these (nation states) have plausible deniability and they can let these groups carry out destructive attacks. And that to me is a game-changer,” said Dawn Cappelli, a cybersecurity expert with the risk management firm Dragos Inc.
The world’s cyberpowers are believed to have been infiltrating rivals’ critical infrastructure for years planting malware that could be triggered to disrupt basic services. Read more here…
