EPA tightening the leash on cybersecurity threats

May 22, 2024
1 min read

TLDR:

– The EPA is increasing inspections of critical water infrastructure due to cybersecurity threats.

– More than 70% of water systems failed to comply with Safe Drinking Water Act mandates.

The Environmental Protection Agency (EPA) is taking action against cybersecurity threats targeting critical water infrastructure. The agency issued an enforcement alert warning utilities about vulnerabilities to cyberattacks that could disrupt the treatment, distribution, and storage of drinking water. Since September 2023, over 70% of inspected water systems failed to comply with mandates under the Safe Drinking Water Act, such as changing default passwords and restricting access to facilities for former employees.

The EPA highlighted the increasing frequency and severity of cyberattacks against community water systems. Foreign governments and state-sponsored cyber groups have been identified as potential threats to infrastructure. The enforcement alert advises utilities to improve cyber hygiene by conducting employee training, backing up systems, and avoiding public-facing internet connections.

EPA administrator Michael Regan and national security advisor Jake Sullivan sent a letter to state governors earlier this year to raise awareness about cybersecurity risks. A National Security Council meeting in March prompted states to develop action plans to address vulnerabilities by June.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and