The Environmental Protection Agency warns that cyberattacks against water utilities around the U.S. are becoming more frequent and more severe
WASHINGTON — Cyberattacks against water utilities across the country are becoming more frequent and more severe, the Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to take immediate actions to protect the nation's drinking water.
About 70% of utilities inspected by federal officials over the last year violated standards meant to prevent cyberthreats, the agency said. Officials urged even small water systems to improve protections against cyberattacks, noting that recent assaults from adversarial nation states like Russia and Iran have impacted water systems of all sizes.
Some water systems are falling short in basic ways, the alert said, including failure to change default passwords or cut off system access to former employees. Because water utilities often rely on computer software to operate treatment plants and distribution systems, protecting information technology and process controls is crucial, the EPA said. Possible impacts of cyberattacks include interruptions to water treatment and storage; damage to pumps and valves; and alteration of chemical levels to hazardous amounts, the agency said.
“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” said EPA Deputy Administrator Janet McCabe.
Attempts by private groups or individuals to get into a water provider’s network and take down or deface websites aren’t new. More
Read more on abcnews.go.com