US says cyberattacks against water supplies are rising, and utilities need to do more to stop them

It’s concerning to hear about the increasing frequency and severity of cyberattacks on water utilities. The Environmental Protection Agency (EPA) has issued an enforcement alert urging water systems to take immediate action to protect the nation’s drinking water.

According to the EPA, about 70% of utilities inspected by federal officials in the past year have violated standards meant to prevent breaches and intrusions. Even small water systems need to improve their protections against hacks, as recent cyberattacks by groups affiliated with Russia and Iran have targeted smaller communities.

The EPA alert highlights some basic shortcomings in water systems, such as failure to change default passwords or revoke system access for former employees. Since water utilities rely on computer software for their operations, it’s crucial to protect their information technology and process controls.

The potential impacts of cyberattacks on water systems include interruptions to water treatment and storage, damage to pumps and valves, and alteration of chemical levels to hazardous amounts. The EPA emphasizes the importance of conducting risk assessments that include cybersecurity and implementing plans to address vulnerabilities.

It’s worth noting that recent attacks on water utilities are not just carried out by private entities but also by geopolitical rivals. These attacks pose a significant risk to the supply of safe water to homes and businesses.

It’s essential for water utilities to prioritize cybersecurity measures to safeguard the integrity and availability of our drinking water.