Federal Agency Issues Warning About Drinking Water


The EPA and White House warned this week that foreign adversaries are carrying out cyberattacks against U.S. water and sewage systems.

A U.S. government agency warned this week that foreign adversaries are carrying out cyberattacks against water and sewage systems across the United States.

In a letter issued to governors on March 19, U.S. national security adviser Jake Sullivan and Environmental Protection Agency Administrator Michael Regan said that hackers are “striking water and wastewater systems throughout” the country and highlighted specific cyberattacks by groups sponsored by Iran and China.

“These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities,” their letter stated.

The letter noted that drinking water and sewage systems will likely be targeted by hackers because they are critical infrastructure used by tens of millions of people. Meanwhile, those systems often lack the resources or ability to implement proper security protocols, it warned.

“Even basic cybersecurity precautions—such as resetting default passwords or updating software to address known vulnerabilities—are not in place and can mean the difference between business as usual and a disruptive cyberattack,” the letter stated.

It pointed out a recent incident in which alleged Iranian government-backed hackers disabled a controller at a Pennsylvania water facility. The letter also stated that a Chinese state-backed group called “Volt Typhoon” has “compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories.”

Related Stories

Chinese Coast Guard’s Continued Intrusions into Taiwan Waters Seen as Bluff by Analysts
Filing Patents for Wuhan Lab and Using Aliases: What the Fired Winnipeg Lab Scientists Are Up to in China
Last year’s intrusion at the Pennsylvania facility, which monitors and regulates water pressure, drew attention because the controller had a message that read: “YOU HAVE BEEN HACKED.” No damage to the water system was reported, but an industry group called the Water Information Sharing and Analysis Center warned that “this may not be an isolated incident.”

Several Pennsylvania lawmakers, including Rep. Chris Deluzio (D-Pa.) and Sens. John Fetterman (D-Pa.) and Bob Casey (D-Pa.), said that if a hacking attempt “like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States” and that residents in “Pennsylvania and across the country deserve peace of mind that basic infrastructure such as their drinking water is safe from nation-state adversaries and terrorist organizations.”

Regarding the Chinese hacker group Volt Typhoon, the March 19 letter warned that its “choice of targets and pattern of behavior are not consistent with traditional cyber espionage,” and officials said that the group and others may be “pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts.”

National security officials have previously sounded the alarm that Chinese hackers also might be looking to target U.S. infrastructure in the event that the regime invades Taiwan.

A large cache of leaked documents from a Chinese hacking contractor that was released online last month suggest that the Chinese regime is continuing to target other countries. Those documents show that telecommunications companies, hospitals, universities, organizations, and government entities from many countries including the United States have been affected by the threats.
Chinese hacking warnings were renewed last month when AT&T and Cricket wireless service went down for users across the United States, leaving some people unable to make 911 calls in some locales. AT&T said that the outage, which lasted for about 12 hours, was caused by an internal problem and said that it was not the target of a cyberattack.

Sen. Marco Rubio (R-Fla.), vice chairman of the Senate Intelligence Committee, responded to the AT&T outage by saying that if China targets U.S. infrastructure, “it will be 100 times worse.”

“And it won’t be just cell service they hit; it will be your power, your water, and your bank,” he said.

Florida Gov. Ron DeSantis, a Republican, said during a media event in the midst of the outage: “Imagine if we had an EMP [electromagnetic pulse] attack. What would end up happening to this country? You’re so naturally reliant on having cell service. It’s a little bit jarring to think about.”

In an aerial view, fuel holding tanks are seen at Colonial Pipeline's Dorsey Junction Station in Washington on May 13, 2021. (Drew Angerer/Getty Images)
In an aerial view, fuel holding tanks are seen at Colonial Pipeline’s Dorsey Junction Station in Washington on May 13, 2021. (Drew Angerer/Getty Images)

Possibly the most egregious infrastructure hacking in recent years was the attack targeting the Colonial Pipeline in 2021, which forced the company to halt oil deliveries for about a week. A ransomware group known as DarkSide, allegedly based in Russia, appeared to claim responsibility for the attack, saying that it only wanted to “make money” and didn’t want to create “problems for society.”

The White House and Environmental Protection Agency’s letter on March 19 called on governors to back efforts to ensure that all water systems in their states identify any significant cybersecurity vulnerabilities, deploy measures to reduce cybersecurity risks where needed, and make plans to respond to and recover from cyber incidents.

Reuters contributed to this report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *