The Biden administration cautioned governors on Tuesday about the presence of harmful cyberattacks targeting drinking water and wastewater systems across the nation. They encouraged the governors to assist in finding and resolving any weaknesses.
According to Michael Regan, the head of the Environmental Protection Agency (EPA), and White House national security adviser Jake Sullivan, water and wastewater systems can be a tempting target for cyberattacks because of their crucial role and frequent lack of the necessary resources and technical capacity to implement strong cybersecurity measures.
Regan and Sullivan mentioned that simple cybersecurity measures, such as changing default passwords or updating software to fix known flaws, are often neglected, and this oversight can make the difference between normal operations and a disruptive cyberattack.
They urged the governors to ensure that all water systems in their states identify any major vulnerabilities, implement measures to reduce cybersecurity risks, and prepare for potential cyber incidents.
Regan and Sullivan highlighted that cyber groups linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) and China have recently focused on critical U.S. infrastructure, including drinking water systems.
Last year, actors associated with the IRGC targeted and rendered inoperative the operational technology at water facilities that had not changed their default manufacturer password. Additionally, a Chinese state-backed cyber group has breached the IT systems of various critical infrastructure organizations and seems to be positioning itself to disrupt operations.
Regan emphasized in a press release that drinking water and wastewater systems are vital for communities, but many systems have not implemented important cybersecurity measures to prevent potential cyberattacks.
The administration is arranging a meeting with state environmental, health, and homeland security secretaries to discuss cyber threats to water systems and is planning to establish a Water Sector Cybersecurity Task Force, as stated in the letter.
Regan added, “EPA and [National Security Council] are taking these threats very seriously and will continue collaborating with state environmental, health, and homeland security leaders to address the widespread and challenging risk of cyberattacks on water systems.”