Cyber Criminals Target US Water Infrastructure

Cyber criminals affiliated with Iran and China are targeting critical water sector infrastructure in the United States.

In a letter to governors, the Environmental Protection Agency's administrator, Michael Regan, and the president's national security advisor, Jake Sullivan, said disabling cyberattacks are striking water and wastewater systems throughout the United States.

"Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks," they wrote.

The attacks against U.S. water infrastructure have the potential to disrupt the critical lifeline of clean and safe drinking water, at the same time imposing significant costs on affected communities, according to the EPA.

Threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) have targeted and disabled operational technology in facilities that had neglected to change a default manufacturer password.

China's state-sponsored cyber group, Volt Typhoon, has compromised the information technology of multiple drinking water systems in the US.

The group is pre-positioning itself to disrupt critical infrastructure during geopolitical tensions and/or military conflicts, according to the assessment from federal departments and agencies.

In a meeting held on Thursday, environmental, health, and homeland security officials discussed ways to ensure the nation's water sector is resilient to all threats and hazards. The news comes the day before World Water Day 2024.

The EPA, the lead federal agency in the government's efforts, will work with the Water Sector and Water Government Coordinating Councils to form a Water Sector Cybersecurity Task Force responsible for identifying near-term actions and strategies to reduce the risk against water systems.


Leave a reply

Your email will not be published. All fields are required.