Governors warn: Water systems at risk from cyber attacks

March 20, 2024
1 min read

TLDR:

– The EPA and NSA are warning state governors about the vulnerability of water systems to cyber attacks.
– State governments are being urged to ensure water systems have comprehensive cybersecurity assessments and plans in place.

The U.S. Environmental Protection Agency and National Security Council have issued a warning to state governors about the vulnerability of water systems to cyber attacks. In a joint letter, the EPA and NSA are urging state governments to take action to protect water and wastewater systems from potential cyber threats. The letter emphasizes the importance of conducting comprehensive cybersecurity assessments, identifying vulnerabilities, reducing risks, and having plans in place to respond to cyber incidents. It also highlights the lack of rigorous cybersecurity practices in many water systems, stressing the importance of implementing even basic precautions such as resetting default passwords and updating software. The EPA plans to collaborate with the water sector to establish a Water Sector Cybersecurity Task Force to address these challenges and reduce the risk of cyber attacks on water systems nationwide.

The Biden administration has placed a significant focus on cybersecurity in critical infrastructure, including the water sector, to mitigate the risks associated with cyber threats. Recent cyber attacks on critical infrastructure, including water companies, have raised concerns about the ability of hackers to exploit cyber-physical systems. It is crucial for organizations, including public utilities, to prioritize cybersecurity hygiene and software supply chain security to prevent future cyber attacks. The letter serves as a reminder of the importance of taking proactive measures to protect water systems from cyber threats and ensure the resilience of critical infrastructure in the face of evolving cybersecurity challenges.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and