The alert comes in response to a series of cyberattacks on U.S. water systems. Notably, Russian hacktivists targeted several Texas water systems in April, causing an overflow at a utility in Muleshoe, and the Israeli firm Unitronics, a manufacturer of industrial control equipment, was attacked in November. The Cyb3r Avengers, linked to Iran’s military intelligence, claimed responsibility for the latter attack.
Deputy Administrator Janet McCabe stated that protecting drinking water is central to the EPA’s mission, and the agency is committed to using enforcement to safeguard against cyberattacks. The EPA plans to step up inspections of community water systems, defined as those providing year-round drinking water to over 3,300 people. More than 100 enforcement actions have already been taken since 2020 for non-compliance with risk assessments and response plans under the SDWA, and further actions, including criminal sanctions, are possible for false certifications.
The EPA has faced challenges in imposing cybersecurity mandates on the water sector, with opponents arguing the agency overstepped its authority. Industry groups advocate for a dedicated federal regulator for the water sector, similar to the electric sector. Recently, Representatives Rick Crawford and John Duarte introduced the Water Risk and Resilience Organization Establishment Act to create such a governing body focused on cybersecurity and water systems.
The EPA and the White House have also sent a letter to governors warning of cyber threats to water systems and inviting state officials to a meeting with federal representatives to discuss these threats. The letter highlighted the potential threat from groups like Volt Typhoon, a Chinese-linked hacking group, which could target U.S. critical infrastructure during conflicts.
Source: CyberScoop
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.