EPA warns of cyber threats after finding major flaws in US water systems

The U.S. Environmental Protection Agency issued a warning Monday, May 20, about critical cybersecurity threats to community drinking water systems. These threats could have devastating effects on utilities and the people who rely on them for safe drinking water.

Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.

Point phone camera here

With just a few clicks, hackers could gain unauthorized access to water control systems, tamper with treatment processes and disrupt operations. Such actions could lead to contaminated water supplies, system failures and even ransom demands. State-sponsored hackers may also exploit these tactics for espionage purposes.

“Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks,” EPA Deputy Administrator Janet McCabe said. “EPA’s new enforcement alert is the latest step that the Biden-Harris Administration is taking to ensure communities understand the urgency and severity of cyberattacks and water systems are ready to address these serious threats to our nation’s public health.”

In 2021, hackers targeted water treatment plants in California and Florida. The first attack deleted programs used to treat drinking water, while the second attempted to poison the water supply by increasing lye levels. Water treatment officials stopped both attacks before they could cause harm.

Threats to the nation’s water systems escalated in both frequency and severity over the years, primarily driven by several nation-state hacker groups.

The “Cyber Army of Russia” has been implicated in numerous attacks on critical infrastructure, including an incident involving a water system in Muleshoe, Texas. In January, a “hacktivist” group released a video appearing to show manipulation of pump settings, resulting in the overflow of treatment tanks. City officials confirmed the event but noted that there were no disruptions to service.

According to the EPA, 70% of inspected water systems failed to meet the standards of the Safe Drinking Water Act since last year. These systems are vulnerable to cyber threats, putting the nation’s water supply at risk. Some of the vulnerabilities include default passwords and single logins that can be easily compromised, making them high-value targets for hackers.

The EPA is taking action to protect U.S. drinking water from cyber threats. Officials are increasing inspections, enforcing compliance and teaming up with state and industry partners to prevent attacks. The agency is also providing critical cybersecurity assistance to the water sector to keep the water safe.