U.S. Warns of Cyberattacks on Water Systems

The U.S. Environmental Protection Agency (EPA) and the White House have issued a warning to governors across the country, alerting them to the ongoing threat of cyberattacks against water and sewage systems. In a letter dated March 19, national security adviser Jake Sullivan and EPA Administrator Michael Regan stated that foreign adversaries, particularly those sponsored by Iran and China, are targeting these critical infrastructure systems throughout the United States.

The letter highlighted the potential for these attacks to disrupt the supply of clean and safe drinking water and impose significant costs on affected communities. It noted that drinking water and sewage systems are often targeted by hackers due to their importance to the daily lives of millions of people and their frequent lack of adequate cybersecurity measures.

“Even basic cybersecurity precautions—such as resetting default passwords or updating software to address known vulnerabilities—are not in place and can mean the difference between business as usual and a disruptive cyberattack,” the letter stated.

The warning cited recent incidents, including an attack by alleged Iranian government-backed hackers who disabled a controller at a Pennsylvania water facility, and the activities of a Chinese state-backed group called “Volt Typhoon,” which has compromised the information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories.

National security officials have previously raised concerns that Chinese hackers may be targeting U.S. infrastructure in preparation for potential geopolitical tensions or military conflicts, such as a possible invasion of Taiwan. The March 19 letter warned that the choice of targets and pattern of behavior exhibited by groups like Volt Typhoon are not consistent with traditional cyber espionage.

The White House and EPA called on governors to support efforts to identify significant cybersecurity vulnerabilities in all water systems within their states, deploy measures to reduce cybersecurity risks where needed, and develop plans to respond to and recover from cyber incidents.

The warning comes in the wake of other high-profile infrastructure attacks, such as the 2021 Colonial Pipeline ransomware attack, which forced the company to halt oil deliveries for about a week. As the threat of cyberattacks on critical infrastructure continues to grow, U.S. officials are urging state and local authorities to take proactive measures to protect the nation’s water and sewage systems from foreign adversaries.

Related Posts