Hackers target important water systems for various purposes in such a way as it can compromise the systems to alter its quality, interrupt supply, or even potentially put public health at risk.
All these things show the weakness of critical infrastructure to cyber-attacks.
Recently, the White House office warned that hackers are actively attacking critical US water systems.
U.S. water systems face dangerous cyber-attacks that threaten to interrupt clean water supplies and increase expenses.
The said paragraph highlights these threats and calls for a united stand towards ensuring the safety of the water system from emerging risks of cyber attack.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
Recent And Ongoing Threats
There are two recent and ongoing threats that we have mentioned below:-
- Iranian IRGC actors conducted cyberattacks on U.S. critical infrastructure, including water systems. They exploited default passwords in operational technology at facilities.
- Chinese state-sponsored Volt Typhoon group compromised U.S. critical infrastructure IT systems, including water facilities. Their activities suggest pre-positioning to disrupt operations amid tensions/conflicts.
Water systems lack resources for robust cybersecurity, making them attractive targets.
EPA leads federal efforts to enhance water sector resilience through partnerships with state/local governments.
Researchers urged users to assist in addressing widespread cyber risks to drinking water utilities.
Security analysts need your help ensuring water utilities assess cybersecurity vulnerabilities, implement risk reduction controls, and exercise incident response plans.
Basic precautions, such as changing default passwords and patching, can prevent disruptive attacks. For recommendations on improving water system cyber defenses, refer to CISA.
Federal agencies like EPA and CISA, along with sector associations, offer cybersecurity guidance, tools, training, and technical assistance for water utilities.
State leadership connecting utilities to these resources is crucial for assessing and mitigating cyber risks.
State homeland security advisors can facilitate access to federal cyber threat information.
The White House officials will invite your state’s relevant cabinet secretaries to a meeting highlighting current efforts and gaps in securing water infrastructure from cyber threats.
This convening will stress the urgent need for action. EPA will form a Water Sector Cybersecurity Task Force with the Water Sector and Government Coordinating Councils.
Building on the state secretary’s input, it will identify top water system cyber vulnerabilities, challenges to adopting best practices, and recommend near-term actions and long-term strategies to reduce nationwide cyber risks.
The White House and EPA hope these joint efforts safeguard water systems from cyberattacks, preventing the need for further federal action.
However, besides this, contact EPA’s Janet McCabe and NSC’s Anne Neuberger to engage further.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.