The White House has sounded an alarm over the increasing threat of cyberattacks aimed at the United States’ drinking water and wastewater systems. In a letter addressed to governors across the country, Environmental Protection Agency (EPA) Administrator Michael Regan and White House National Security Adviser Jake Sullivan highlighted the essential nature of these systems and their vulnerability to cyber threats due to often insufficient cybersecurity practices. They stressed the importance of basic cybersecurity measures, such as changing default passwords and updating software, in preventing potential disruptions.
The administration’s concern is partly based on recent cyber activities by actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) and Chinese state-sponsored groups. These actors have targeted critical U.S. infrastructure, demonstrating the capability and intent to disrupt operations. Specifically, IRGC-affiliated hackers have been reported to disable operational technology at water facilities by exploiting unchanged default manufacturer passwords. Similarly, a Chinese cyber group, referred to as Volt Typhoon, has compromised several critical infrastructure entities’ IT environments, seemingly positioning itself to disrupt operations in the event of increased escalation between the U.S. and China.
The administration reportedly plans to convene a meeting with state environmental, health, and homeland security secretaries to discuss these cyber threats further and is in the process of forming a Water Sector Cybersecurity Task Force.
Expanded Coverage:
