“Disabling cyberattacks” are targeting drinking water and wastewater systems across the United States, government officials have warned.
The warning from the national security advisor and the head of the U.S. Environmental Protection Agency was sent to governors in a letter dated Monday but gained media attention over the last 24 hours, saying such attacks pose a “significant risk” to the country’s water supply.
“These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities,” the letter to governors warned.
“We are writing to describe the nature of these threats and request your partnership on important actions to secure water systems against the increasing risks from and consequences of these attacks.”
In their letter, National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan highlighted two recent and ongoing alleged threats by Iranian and Chinese hackers.
They cited a case in which hackers accused of acting in concert with Iran’s Revolutionary Guards had disabled a controller at a water facility in Pennsylvania and called out a Chinese hacking group dubbed “Volt Typhoon” which they said had “compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories.”
They urged the governors to ensure that all water systems in their state comprehensively assess their current cybersecurity practices, take steps to reduce cybersecurity risks and be prepared for potential cyber incidents.
“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” the letter said.
The digital safety of water and sewage plants has long been a concern for cybersecurity professionals because the facilities provide a critical service and can often be lightly defended.
More to come.
— with files from Reuters