UNITED STATES - The United States Environmental Protection Agency (EPA) has released an "Enforcement Alert" to address cybersecurity vulnerabilities of the country's drinking water after EPA Deputy Administrator Janet McCabe reported cyberattacks against critical water infrastructure have become not only more frequent but have also increased in severity.

Share

Chinese Affiliated Hackers Compromise Critical Infrastructure With Intent To Sow Panic, Chaos, Deploy Future Attacks

Defcon Level

·

December 12, 2023

Read full story

Daixin Claims It Hacked The North Texas Municipal Water District, Stole Sensitive Data

Defcon Level

·

November 29, 2023

Read full story

As US Government Prepares For Iranian Cyberattacks, Group Attacks Water Service In Pennsylvania, CISA Releases Alert

Defcon Level

·

November 27, 2023

Read full story

All Alerts On Critical Infrastructure

In light of both the increase in reported attacks on the water supply and an increase in vulnerabilities found in the country's water systems, the EPA urged water systems to act immediately to take steps to protect the nation's drinking water.

Refer a friend

Not only have cyberattacks become more frequent and severe against critical infrastructure, but the EPA says that around 70% of the water utilities inspected by the federal government over the last year were in violation of cybersecurity standards put into place to prevent attacks on the systems.

McCabe said in many cases systems are not doing what they should be doing and have no available plans for vulnerability prevention. As the water systems often rely on computers with operating systems, some of the ways the utilities failed the standards:

• Failing to change default passwords for equipment

• Failing to lock out system access to ex-employees

Cyberattacks on water systems can lead to numerous problems with either the water supply or the alteration of the chemical composition of the water to hazardous levels:

• Interruption in the water treatment process

• Interruption in the water storage process

• Damage to valves that control the water flow

• Damage to the water pumps

• Altering of the water's chemical composition

• Change of chemical levels to dangerous amounts

“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” McCabe stated.

McCabe: Cyberattacks On Water Infrastructure Are Not Just Private Individuals, Many Government-Backed Entities. FDA: Every US Critical Infrastructure Sector Has Been Targets Of Cyberattacks