EPA urges water utilities to protect nation's drinking water amid heightened cyberattacks

Thao Nguyen, USA TODAY

Updated May 21, 2024 at 11:47 AM·5 min read

Cyberattacks targeting water utilities across the country have increased in frequency and severity, the U.S. Environmental Protection Agency warned Monday as it urged community water systems to take immediate steps to reduce cybersecurity vulnerabilities and protect the nation's public drinking water supplies.

The EPA has issued an enforcement alert detailing "urgent cybersecurity threats and vulnerabilities" to community drinking water systems, the agency said in a news release Monday. A majority of water systems — over 70% — inspected by the EPA since last September violated standards in the Safe Drinking Water Act, according to the alert.

The Safe Drinking Water Act was established to protect public health by regulating public drinking water supplies in the country, according to the EPA. Among those inspected, the agency identified "alarming" cybersecurity vulnerabilities in some water systems.

The agency found that some water systems failed to change default passwords and cut off access to former employees in addition to only using single logins for all staff that can be compromised, the alert said. Although many of the EPA's requirements to protect water systems are "basic cyber hygiene practices," the agency said potential cyberattacks can cause significant impacts on both water utilities and consumers.

The EPA also recommended that small water systems improve protections against cybersecurity threats, noting that disruptive cyberattacks have impacted water systems of all sizes. Recent cyberattacks by organizations affiliated with Russia and Iran have targeted utilities in Pennsylvania and Texas.

"Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks," EPA Deputy Administrator Janet McCabe said in a statement. "EPA’s new enforcement alert is the latest step that the Biden-Harris Administration is taking to ensure communities understand the urgency and severity of cyberattacks and water systems are ready to address these serious threats to our nation’s public health."

Is yours on our map? 70 million Americans drink water from systems reporting PFAS to EPA.

Cyberattacks can disrupt 'critical lifeline of clean and safe drinking water'

According to the EPA, the new alert is part of a government-wide effort led by the National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. "EPA is issuing this alert because threats to, and attacks on, the nation’s water system have increased in frequency and severity to a point where additional action is critical," the agency said.

Because water systems often depend on computer software to operate treatment plants and distribution systems, the EPA said protecting information technology and process control systems is essential. The agency added that implementing basic cyber hygiene practices can help utilities prevent, detect, respond to, and recover from cyberattacks.

Cyberattacks have the "potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities," according to the EPA. Possible impacts of cyber incidents include disruptions of water treatment, distribution, and storage; damage to pumps and valves; and altered chemical levels to hazardous amounts, the agency said in its alert.

In March, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan sent a letter to all 50 U.S. governors asking states to develop a plan to secure water systems against cyber threats. The request was followed by a meeting in which the National Security Council urged states to present its plans by late June, according to the EPA.

"Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices," Regan and Sullivan said in the letter.

Dangers of cybersecurity threats in the U.S.

The new EPA alert sheds light on a growing threat in the United States with federal authorities expressing increasing concerns over public utilities and infrastructure being targeted by foreign cyberattacks.

Federal agencies have issued numerous advisories for cyberattacks against water and wastewater systems by foreign groups, including the Iranian Government Islamic Revolutionary Guard Corps, Russia state-sponsored actors, and China state-sponsored cyber actors, according to the EPA.

Last November, an Iranian-linked cyber group, Cyber Av3ngers, hacked into water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure — and one that includes technology manufactured in Israel. Federal authorities said the group was looking to disrupt Israeli-made technology in the United States.

Earlier this year, a Russian-linked hacking group was tied to a cyberattack that caused a water system in the small town of Muleshoe, Texas, to overflow, CNN reported. Town officials told CNN that the incident coincided with at least two other north Texas towns detecting suspicious cyber activity on their networks.

In both incidents in Pennsylvania and Texas, authorities said officials switched to manual operations.

Microsoft revealed last May that a cyber group with ties to China, known as Volt Typhoon, was targeting critical infrastructure organizations in the United States. In February, several federal agencies said Volt Typhoon compromised multiple infrastructure organizations in the communications, energy, transportation, and water sectors.

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the company said in a blog post.

Cyberattacks have also disrupted insurance companies and hospital systems in several states in recent years.

Contributing: Claire Thornton, USA TODAY

This article originally appeared on USA TODAY: EPA warns of increasing cyberattacks against community water systems

Yahoo Finance
Beware the retirement savings 'time bomb,' tax expert warns
Taxes are the "retirement time bomb," according to one tax expert. Here's what you can do now.
Yahoo Finance
Here's what's really bothering me about the exploding Nasdaq
Not everything is looking great within the record-setting Nasdaq.
Yahoo Life
Quiz: Ozempic and other weight loss drugs are rising in popularity. How much do you know about them?
Take our quiz to see how much you know about weight loss drugs, who uses them and how they work.
Yahoo Sports
5 things to know from the weekend in MLB: With Juan Soto and Aaron Judge crushing at the plate, are the Yankees to be feared again?
The Yanks head home after a very successful nine-game California trip — they went 7-2 — for a series against, who else, their all-time punching bag: The Minnesota Twins.
Yahoo Sports
Simone Biles wins record 9th all-around title at U.S. championships ahead of Paris Olympics
Simone Biles extended her record with another all-around title at the U.S. championships on Sunday night
Yahoo Sports
Commanders release K Brandon McManus after sexual assault lawsuit
Brandon McManus was accused of sexually assaulting two flight attendants last season with the Jaguars in a new lawsuit.
Yahoo Sports
Birmingham-Southern's season ends on UW-Whitewater walk-off homer at DIII College World Series
Birmingham-Southern College's baseball team is finally finished after an 11–10 loss to Wisconsin-Whitewater at the Division III College World Series.
Yahoo Sports
NASCAR: Austin Cindric wins at Gateway after Ryan Blaney's car slows on the final lap
Blaney appeared to run out of gas as he took the white flag.
Yahoo Sports
White Sox's Tommy Pham says he's always prepared to 'f*** somebody up' after confrontation with Brewers' William Contreras
Chicago White Sox outfielder Tommy Pham told reporters he's always prepared to fight after an on-field confrontation with Milwaukee Brewers catcher William Contreras.
TechCrunch
French startup ten ten reinvents the walkie-talkie
Less than one year after its iOS launch, French startup ten ten has gone viral with a walkie-talkie app that allows teens to send voice messages to their close friends — even when their phone is locked. Whether you think that's a recipe for disaster or the coolest thing you've heard may depend on your age group, and teens clearly heard of that one long before we did; although walkie talkies are clearly not a new concept, even in app form. "We’re ephemeral by design," ten ten co-founder and CEO, Jule Comar said in a written interview with TechCrunch.
Yahoo News
What’s in Biden's 3-phase plan to end the war in Gaza?
The plan includes a six-week ceasefire and full Israeli withdrawal.
Engadget
Boeing’s Starliner has two more chances this week to make its first crewed flight
While NASA and partners discussed possibly flying today following their assessment of the issue, they ultimately decided to hold off until the next opportunities, either on June 5 or 6.
Yahoo Sports
Yankees' Gerrit Cole to begin rehab assignment this week, says Aaron Boone
New York Yankees pitcher Gerrit Cole will begin a minor league rehab assignment this week, according to manager Aaron Boone. Cole has been sidelined with elbow inflammation.
Yahoo Sports
Coco Gauff calls out French Open, tennis organizers over late match schedules: 'It's not healthy'
Novak Djokovic's latest win at the French Open didn't finish until 3:07 a.m. local time in the latest example of a long-running match in the sport.
Yahoo News
Hunter Biden's gun trial begins this week. Here's everything you need to know about the case.
The president's son pleaded not guilty to three charges related to a 2018 gun purchase.
Yahoo Sports
Sky-Fever fallout: Foul on Caitlin Clark upgraded to flagrant-1, Angel Reese fined $1,000 for skipping interviews
The Sky have also been fined $5,000.
TechCrunch
Unicorn-rich VC Wesley Chan owes his success to a Craigslist job washing lab beakers
Wesley Chan is often seen in his signature buffalo hat; however, he may be even more well-known for his ability to spot unicorns. Over the course of his career in venture capital, he’s invested in over 20 unicorns, including AngelList, Dialpad, Ring, Rocket Lawyer and Sourcegraph. After working at Google in its early days as an engineer, he became an investor.
Autoblog
Toyota Supra's future to yet be decided publicly
BMW's ending production of the Z4 next year. Toyota isn't saying what will happen to its Supra that's on the German convertible.
Engadget
Apple’s third-gen AirPods are back on sale for $140
You can get Apple’s third-generation AirPods for under $150 right now. In a deal on Amazon, the AirPods are back down to their record-low price of $140, a 17 percent discount. This model normally costs $170.
Yahoo Life Shopping
The 'festive' solar torch lights to make your garden glow are 40% off at Amazom
Get eight of these flickering-flame beauties for $30 and 'make spring/summer a little more fun.'

News

Life

Entertainment

Finance

Sports

New on Yahoo

EPA urges water utilities to protect nation's drinking water amid heightened cyberattacks

Cyberattacks can disrupt 'critical lifeline of clean and safe drinking water'

Dangers of cybersecurity threats in the U.S.

Recommended Stories

Beware the retirement savings 'time bomb,' tax expert warns

Here's what's really bothering me about the exploding Nasdaq

Quiz: Ozempic and other weight loss drugs are rising in popularity. How much do you know about them?

5 things to know from the weekend in MLB: With Juan Soto and Aaron Judge crushing at the plate, are the Yankees to be feared again?

Simone Biles wins record 9th all-around title at U.S. championships ahead of Paris Olympics

Commanders release K Brandon McManus after sexual assault lawsuit

Birmingham-Southern's season ends on UW-Whitewater walk-off homer at DIII College World Series

NASCAR: Austin Cindric wins at Gateway after Ryan Blaney's car slows on the final lap

White Sox's Tommy Pham says he's always prepared to 'f*** somebody up' after confrontation with Brewers' William Contreras

French startup ten ten reinvents the walkie-talkie

What’s in Biden's 3-phase plan to end the war in Gaza?

Boeing’s Starliner has two more chances this week to make its first crewed flight

Yankees' Gerrit Cole to begin rehab assignment this week, says Aaron Boone

Coco Gauff calls out French Open, tennis organizers over late match schedules: 'It's not healthy'

Hunter Biden's gun trial begins this week. Here's everything you need to know about the case.

Sky-Fever fallout: Foul on Caitlin Clark upgraded to flagrant-1, Angel Reese fined $1,000 for skipping interviews

Unicorn-rich VC Wesley Chan owes his success to a Craigslist job washing lab beakers

Toyota Supra's future to yet be decided publicly

Apple’s third-gen AirPods are back on sale for $140

The 'festive' solar torch lights to make your garden glow are 40% off at Amazom