A recent evaluation of water systems conducted by the Environmental Protection Agency (EPA) has revealed concerning findings. The EPA reported on Monday that over 70% of water systems surveyed since last September have failed to meet security standards, leaving them vulnerable to cyberattacks.
The agency highlighted critical vulnerabilities in some facilities, such as the use of default passwords that were never updated with new credentials. This puts wastewater and water sanitation systems at risk of being crippled by cyber threats.
In response to these findings, the EPA issued an enforcement alert, urging water system owners and operators to enhance their network security measures. The agency recommended actions such as taking inventory of operational assets, conducting cybersecurity training, and transitioning certain systems off the internet.
To address the issue, the EPA announced that it will increase water infrastructure inspections and may take civil and criminal enforcement actions against non-compliant water systems. The failures to meet security standards also raise concerns about potential violations of the Safe Water Drinking Act.
Recent incidents involving nation-state hackers infiltrating water systems have prompted the EPA to issue the alert. The agency emphasized the importance of safeguarding operations and ensuring the resilience of water systems against cyber threats.
The complex regulatory environment of the U.S. water landscape poses challenges for improving digital defenses in water systems, particularly for rural operators with limited funding and resources. Despite efforts to enforce stronger security mandates, the EPA faced opposition from GOP-led states and trade groups regarding cybersecurity evaluations.
Multiple nation-state adversaries, including China and Russia, have been implicated in cyberattacks targeting water infrastructure. The EPA and National Security Council have issued warnings to states about the heightened risks of cyber threats in the water sector.
With concerns also raised about the cybersecurity of dam systems, officials are working to develop new guidelines to protect critical infrastructure from cyber threats.Overall, the EPA’s alert serves as a reminder of the pressing need to strengthen cybersecurity measures in water systems to prevent potential disruptions and safety risks.
