The Biden administration has warned state leaders that unless they take precautionary cybersecurity measures, a cyberattack from hackers linked to Iran or China could bring down water systems across the United States.
Environmental Protection Agency Administrator Michael S. Regan and National Security Advisor Jake Sullivan said in a letter to state governors that cyberattacks are targeting water and wastewater systems across the United States.
“These attacks can disrupt critical lifelines of clean, safe drinking water and impose significant costs on affected communities,” they wrote. “We are writing to explain the nature of these threats and request your cooperation in taking important actions to protect water systems from the growing risk and impact of these attacks.”
The letter highlighted two recent and ongoing threats that pose a risk to U.S. water systems.
Former Google engineer charged with stealing AI secrets to support Chinese companies
Cyber security logo on hand (Kurt “Cyber Guy” Knutson)
One of the threats came from hackers associated with the Iranian government’s Islamic Revolutionary Guards Corps (IRGC), which carried out attacks on drinking water systems and other critical elements of infrastructure.
Regan and Sullivan said the IRGC’s cyberattack targeted and disabled technology used by water utilities because they failed to change default manufacturer passwords.
In another high-profile threat, Bolt Typhoon, a People’s Republic of China (PRC) state-sponsored hacker group, compromised the information technology of critical infrastructure systems, including drinking water facilities in the United States and its territories.
House of Representatives unanimously votes to keep sensitive U.S. data out of the hands of adversaries
The Biden administration has warned state governors about two threats targeting America’s drinking water and wastewater systems. (AP Photo/Steve Herber) (AP Photo/Steve Herber)
“Bolt Typhoon’s target selection and behavioral pattern are inconsistent with traditional cyber espionage,” the letter said. “Federal agencies assess with high confidence that Bolt Typhoon attackers are prepositioning to disrupt critical infrastructure operations in the event of geopolitical tensions or military conflict. are doing.”
The letter also noted that drinking water and wastewater facilities are “attractive” targets for hackers because they often lack the resources and technical capacity to adapt to modern cybersecurity practices.
EPA is now the primary agency responsible for ensuring the nation’s waters are safe from threats and hazards.
Fusion leaders meet in Washington, D.C., to raise money in race against China
White House National Security Adviser Jake Sullivan speaks during a press conference at the White House in Washington, Monday, March 18, 2024. (AP Photo/Andrew Harnik)
The agency is now asking state, local, tribal, and territorial governments to do their part to ensure water sources are safe from cyberattacks.
The letter said simple steps such as resetting default passwords and updating software to address known vulnerabilities could prevent this type of attack.
EPA will also work with the water sector and the Water Government Coordinating Council to establish a Water Sector Cybersecurity Task Force. The task force will be established to identify the critical vulnerabilities of water systems to cyber-attacks and the challenges these systems face in implementing cybersecurity best practices.
“We invite the Secretaries of Environment, Health, and Homeland Security to convene to discuss improvements needed to protect the water sector’s critical infrastructure from cyber threats,” the letter reads.
CLICK HERE TO GET THE FOX NEWS APP
Sullivan and Regan will also hold a virtual meeting with state leaders on Thursday to discuss the need to protect the critical water sector from cyberattacks.
“Drinking water and wastewater systems are a lifeline for communities, but many systems do not employ critical cybersecurity practices to thwart potential cyberattacks,” Regan said. “EPA and NSC take these threats very seriously and will continue to work with state environmental, health, and homeland security leaders to address the pervasive and difficult risks of cyberattacks on water systems. To go.”
