Water Cybersecurity Efforts Come to a Boil

Back in February, we covered the CISA, NSA, and FBI’s warning to ramp up U.S. ports and water systems cybersecurity. Now the call is resurging, particularly around water and wastewater systems. This time, the EPA is circulating an alert that demands operators boost protections in the face of escalating threats.

A New Alarm is Sounded for Water Facility Operators

The EPA issued a recent alert raising concerns around the rising prominence of cyberattacks from Russia and Iran on water systems. In the alert, the agency highlighted that close to 70% of the United States’ community drinking water systems do not meet the standards set by the Safe Drinking Water Act, which includes cybersecurity requirements for such facilities. Vulnerabilities that remain unaddressed include simple problems such as passwords and single logins ripe for compromise, in addition to other cyber hygiene practices such as removing access for former employees.

We know that state-sponsored hackers have already been able to access water systems throughout the country. For instance, an Iranian-linked group, Cyber Av3ngers, previously infiltrated a water authority infrastructure in Aliquippa, Pennsylvania. And earlier this year, a Russian group conducted a cyberattack on a water system in Muleshoe, Texas. Therefore, the EPA has emphasized that it is critical to not only fix the vulnerabilities mentioned above, but take further steps to secure information technology and process control systems.

Some steps the agency has recommended include conducting regular assessments and cyber awareness training as well as reducing exposure to public-facing internet. Experts have also noted that identifying, scanning, and properly managing all IoT devices will be an important process in setting up strong defenses.

Shielding OT in Operations 

Of course in these actions, it is also essential to ensure that you are strengthening both IT and OT networks to fend off threat actors. On top of the other recommendations, the EPA has outlined in its “Top Actions for Securing Water Systems” that operators inventory all OT/IT assets and backup such OT/IT systems. 

On top of water systems, a focus on OT is picking up traction elsewhere. As reported by MeriTalk, “Sixty-eight percent of Federal operational technology (OT) administrators and managers reported experiencing an OT cyber-incident in the past year, but only half felt confident they could detect or mitigate a threat today.” As such, they are ready to invest more time and resources. MeriTalk also summarized that 90% of Federal OT leaders have experienced an increase in their agency’s prioritization of OT cybersecurity in the past two years. Nonetheless, they still face some challenges such as network visibility and exposure management.


You Might Also Like...