While no specifics have been given, the federal government on Monday warned that state actors such as Russia and China are planning attacks on America’s water systems. Is the water supply in places like New York and New Jersey at risk?
In 2021, it was revealed that hackers were threatening New Jersey’s water infrastructure. A water system in Pennsylvania was recently attacked by Iranian hackers.
“A cyberattack on our state’s drinking water could have a cataclysmic domino effect on other critical infrastructure sectors, including healthcare and public health, emergency services, dams, energy and food and agriculture,” said NJOHSP Director Laurie Doran. “This grant program will provide, among others, New Jersey’s public utilities, water companies and municipal water districts with the necessary tools, technologies and services to strengthen the cybersecurity of their water systems, resulting in a safer and more secure water supply for our residents and our state.”
Cyberattacks targeting water utilities and their infrastructure are growing more in frequency and intensity, the Biden administration warned Monday.
The Environmental Protection Agency (EPA) issued the warning, asserting that private and state-backed actors from countries including China, Iran and Russia are ramping up their efforts to interfere with water utilities’ operations. Approximately 70% of the relevant facilities examined by federal officials over the last 12 months were found to be in violation of rules and safeguards intended to prevent unauthorized access by outside individuals or groups.
“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” EPA Deputy Administrator Janet McCabe said of the matter.
Hospital Organization Calls For Congressional Action Amid ‘Fallout’ After Healthcare System Cyberattackhttps://t.co/adeRsWWydk
— Daily Caller (@DailyCaller) March 5, 2024
Some water utility facilities and infrastructure are falling short of even the most basic cybersecurity standards, the EPA said in its warning notice. Some of these shortcomings include neglecting to alter default passwords or terminating former employees’ access to relevant computer systems.
The agency said the threat to America’s water system has grown to such an extent that “additional action is critical.”
“We want to make sure that we get the word out to people that ‘Hey, we are finding a lot of problems here,’” McCabe said.
Water utility systems are often reliant on computer systems to run, meaning that a serious breach could seriously disrupt operators’ ability to provide drinking water or wastewater to customers, according to The Associated Press. It is widely believed that several of the world’s leading powers have spent years gaining access to utility providers and other key infrastructure, planting malware and waiting for an international crisis or a hot war to trigger it and debilitate geopolitical foes.
One China-tied cybercriminal outfit, known as Volt Typhoon, has already breached essential computer systems in American infrastructure, including in its water system, according to the AP.
The American water system has some large utility providers, as well as many smaller operators serving smaller communities nationwide, according to the AP. The smaller companies tend to have fewer resources, making them less able to immediately devote considerable time and attention to hardening themselves against potential threats.
However, the EPA has offered to help utilities bolster their defenses for free, and advised that simple steps — such as not using default passwords — can enhance security, according to the AP.
EPA Administrator Michael Regan and national security adviser Jake Sullivan authored a March letter to all 50 governors urging them to organize their respective administrations in an effort to augment cybersecurity for water utilities and related infrastructure.
Neither the EPA nor the Cybersecurity and Infrastructure Security Agency (CISA) responded immediately to requests for comment.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact [email protected].