Iran may attack US water supplies, warns Biden administration

White House national security adviser Jake Sullivan
National security adviser Jake Sullivan issues chilling warnings - Andrew Harnik/AP
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.

Iran is poised to attack US drinking water supplies, the Biden administration has warned, amid rising tensions in the Middle East.

Jake Sullivan, Joe Biden’s national security adviser, sent a warning to state governors asking them to be on guard for potential cyber attacks on their critical infrastructure systems.

The warning letter was co-authored by Michael Regan, the head of the US Environmental Protection Agency and made public on Tuesday.

In it, they cited ongoing threats from hackers linked to the governments of Iran and China and warned hackers associated with both states have previously attacked water systems.

‘Attractive target for hackers’

“Disabling cyber attacks are striking water and waste water systems throughout the United States,” the pair wrote.

They warned that drinking water and waste water systems were “an attractive target” for hackers because while they are “lifeline-critical” they “often lack the resources and technical capacity” to protect themselves from potential attacks.

“We need your support to ensure that all water systems in your state comprehensively assess their current cyber security practices to identify any significant vulnerabilities,” they told state governors.

They went on to request that each state exercises plans to prepare and recover from a potential cyber incident.

Environmental Protection Agency administrator Michael Regan
Environmental Protection Agency head Michael Regan - Andrew Harnik/AP

It comes after figures associated with the Islamic Revolutionary Guard Corps (IRGC), the Iranian state security body, were identified by Washington as carrying out cyber attacks against critical US infrastructure entities, including drinking water systems.

The IRGC-linked hackers were able to target and disable a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password, according to the Biden administration.

In late November, Iranian-backed hackers attacked Israeli-made digital controls commonly used in the water and waste water industries in the US, affecting several states, according to Bloomberg, although it did not affect water supplies.

‘Potential to disrupt critical lifeline’

Meanwhile, Volt Typhoon, a Chinese state-sponsored group, has also previously compromised drinking water and other critical infrastructure systems, the Biden administration letter warned.

It stated: “These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

The US government had assessed with a high degree of confidence that Volt Typhoon is “pre-positioning” to “disrupt critical infrastructure operations” in the event of rising tensions or military conflicts, the letter said.

The water system is an especially vulnerable part of US infrastructure, fraught with weak controls, insufficient funding and staffing shortages.

Broaden your horizons with award-winning British journalism. Try The Telegraph free for 3 months with unlimited access to our award-winning website, exclusive app, money-saving offers and more.