States face ongoing cyber threats to water infrastructure, White House warns

March 20, 2024
1 min read

TLDR:

  • The White House has warned states of ongoing cyber threats to water infrastructure from China and Iran-linked hackers.
  • EPA Administrator Michael Regan and National Security Advisor Jake Sullivan encouraged states to assess cybersecurity practices and implement safeguards.

The Environmental Protection Agency and National Security Council have issued a warning to state governors about the continued cyber threats targeting water infrastructure. The letter, addressed to state governors, highlights the vulnerability of drinking water and wastewater systems to cyberattacks due to a lack of resources and technical capacity for robust cybersecurity practices. The warning comes after the U.S. sanctioned Iran-linked hackers in February for breaching water treatment systems in multiple states last year.

The letter also mentions Volt Typhoon, a hacking group linked to the Chinese government, which has been targeting U.S. critical infrastructure. The Biden administration has been working to strengthen protections for water treatment facilities against cyber threats, but faced legal challenges in implementing cybersecurity evaluations for water systems. The administration plans to engage states’ Environmental, Health, and Homeland Security secretaries in discussions about safeguarding the U.S. water sector and collaborating with the Cybersecurity and Infrastructure Security Agency on developing defenses.

In response to the ongoing threats, a group of water trade representatives have urged Congress to provide more federal funding for training and resources to defend water infrastructure. The letter serves as a call to action for states to assess their current cybersecurity practices and enhance protections against cyber threats to water systems.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and