(The Hill) — The Biden administration warned governors Tuesday that “disabling” cyberattacks are targeting drinking water and wastewater systems throughout the country and urged them to help identify and address any vulnerabilities.
Water and wastewater systems can represent an “attractive target” for cyberattacks because of their essential nature and frequent lack of “resources and technical capacity to adopt rigorous cybersecurity practices,” said Michael Regan, the administrator of the Environmental Protection Agency (EPA), and White House national security adviser Jake Sullivan in a letter.
“Even basic cybersecurity precautions — such as resetting default passwords or updating software to address known vulnerabilities — are not in place and can mean the difference between business as usual and a disruptive cyberattack,” Regan and Sullivan said.
They called on the [states’] governors to help ensure all their states’ water systems identify any significant vulnerabilities, put in place practices to reduce cybersecurity risks and exercise plans to prepare for a potential cyber incident.
Cyber actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) and China have recently targeted critical U.S. infrastructure, including drinking water systems, Regan and Sullivan noted.
IRGC-affiliated actors targeted and disabled operational technology at water facilities that failed to change a default manufacturer password late last year, while a Chinese state-sponsored cyber group has compromised the IT environments of several critical infrastructure organizations and appears to be pre-positioning itself to disrupt operations.
“Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted […]
Full article: ktla.com