Current:Home > StocksEPA urges water utilities to protect nation's drinking water amid heightened cyberattacks -OceanicInvest
EPA urges water utilities to protect nation's drinking water amid heightened cyberattacks
View
Date:2025-04-24 11:45:14
Cyberattacks targeting water utilities across the country have increased in frequency and severity, the U.S. Environmental Protection Agency warned Monday as it urged community water systems to take immediate steps to reduce cybersecurity vulnerabilities and protect the nation's public drinking water supplies.
The EPA has issued an enforcement alert detailing "urgent cybersecurity threats and vulnerabilities" to community drinking water systems, the agency said in a news release Monday. A majority of water systems — over 70% — inspected by the EPA since last September violated standards in the Safe Drinking Water Act, according to the alert.
The Safe Drinking Water Act was established to protect public health by regulating public drinking water supplies in the country, according to the EPA. Among those inspected, the agency identified "alarming" cybersecurity vulnerabilities in some water systems.
The agency found that some water systems failed to change default passwords and cut off access to former employees in addition to only using single logins for all staff that can be compromised, the alert said. Although many of the EPA's requirements to protect water systems are "basic cyber hygiene practices," the agency said potential cyberattacks can cause significant impacts on both water utilities and consumers.
The EPA also recommended that small water systems improve protections against cybersecurity threats, noting that disruptive cyberattacks have impacted water systems of all sizes. Recent cyberattacks by organizations affiliated with Russia and Iran have targeted utilities in Pennsylvania and Texas.
"Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks," EPA Deputy Administrator Janet McCabe said in a statement. "EPA’s new enforcement alert is the latest step that the Biden-Harris Administration is taking to ensure communities understand the urgency and severity of cyberattacks and water systems are ready to address these serious threats to our nation’s public health."
Is yours on our map?70 million Americans drink water from systems reporting PFAS to EPA.
Cyberattacks can disrupt 'critical lifeline of clean and safe drinking water'
According to the EPA, the new alert is part of a government-wide effort led by the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. "EPA is issuing this alert because threats to, and attacks on, the nation’s water system have increased in frequency and severity to a point where additional action is critical," the agency said.
Because water systems often depend on computer software to operate treatment plants and distribution systems, the EPA said protecting information technology and process control systems is essential. The agency added that implementing basic cyber hygiene practices can help utilities prevent, detect, respond to, and recover from cyberattacks.
Cyberattacks have the "potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities," according to the EPA. Possible impacts of cyber incidents include disruptions of water treatment, distribution, and storage; damage to pumps and valves; and altered chemical levels to hazardous amounts, the agency said in its alert.
In March, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan sent a letter to all 50 U.S. governors asking states to develop a plan to secure water systems against cyber threats. The request was followed by a meeting in which the National Security Council urged states to present its plans by late June, according to the EPA.
"Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices," Regan and Sullivan said in the letter.
Dangers of cybersecurity threats in the U.S.
The new EPA alert sheds light on a growing threat in the United States with federal authorities expressing increasing concerns over public utilities and infrastructure being targeted by foreign cyberattacks.
Federal agencies have issued numerous advisories for cyberattacks against water and wastewater systems by foreign groups, including the Iranian Government Islamic Revolutionary Guard Corps, Russia state-sponsored actors, and China state-sponsored cyber actors, according to the EPA.
Last November, an Iranian-linked cyber group, Cyber Av3ngers, hacked into water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure — and one that includes technology manufactured in Israel. Federal authorities said the group was looking to disrupt Israeli-made technology in the United States.
Earlier this year, a Russian-linked hacking group was tied to a cyberattack that caused a water system in the small town of Muleshoe, Texas, to overflow, CNN reported. Town officials told CNN that the incident coincided with at least two other north Texas towns detecting suspicious cyber activity on their networks.
In both incidents in Pennsylvania and Texas, authorities said officials switched to manual operations.
Microsoft revealed last May that a cyber group with ties to China, known as Volt Typhoon, was targeting critical infrastructure organizations in the United States. In February, several federal agencies said Volt Typhoon compromised multiple infrastructure organizations in the communications, energy, transportation, and water sectors.
"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the company said in a blog post.
Cyberattacks have also disrupted insurance companies and hospital systems in several states in recent years.
Contributing: Claire Thornton, USA TODAY
veryGood! (575)
Related
- What do we know about the mysterious drones reported flying over New Jersey?
- Mehdi Hasan announces MSNBC exit after losing weekly show
- Serbian authorities help evacuate cows and horses stuck on a river island in cold weather
- Former Michigan staffer Connor Stalions breaks silence after Wolverines win national title
- 'Squid Game' without subtitles? Duolingo, Netflix encourage fans to learn Korean
- Barry Keoghan Details His Battle With Near-Fatal Flesh-Eating Disease
- 'Sex with a Brain Injury' reveals how concussions can test relationships
- Under growing pressure, Meta vows to make it harder for teens to see harmful content
- Bill Belichick's salary at North Carolina: School releases football coach's contract details
- The best TV of early 2024: Here's what to watch in January
Ranking
- Krispy Kreme offers a free dozen Grinch green doughnuts: When to get the deal
- The rebranding of Xinjiang
- Florida woman arrested after police say she beat poodle to death with frying pan
- Golden Globes brings in 9.4 million viewers, an increase in ratings
- Selena Gomez engaged to Benny Blanco after 1 year together: 'Forever begins now'
- GE business to fill order for turbines to power Western Hemisphere’s largest wind project
- Third Eye Blind reveals dates and cities for Summer Gods 2024 tour
- Judge issues arrest warrant for man accused of killing thousands of bald eagles
Recommendation
Off the Grid: Sally breaks down USA TODAY's daily crossword puzzle, Triathlon
A fuel leak forces a US company to abandon its moon landing attempt
Florida woman arrested after police say she beat poodle to death with frying pan
Millions could lose affordable access to internet service with FCC program set to run out of funds
The FTC says 'gamified' online job scams by WhatsApp and text on the rise. What to know.
Which was the best national championship team of the CFP era? We ranked all 10.
The 'Epstein list' and why we need to talk about consent with our kids
Intensified Russian airstrikes are stretching Ukraine’s air defense resources, officials say