Within weeks of a cyberattack that impacted hospitals across the country, the U.S. Environmental Protection Agency is now warning about attacks that could impact our water supply.
Ascension Healthcare, which operates hospitals, clinics and senior living facilities in the Chicago area and nationwide, was the victim of a cyberattack earlier this month, WBBM reported. This Monday, the EPA issued an enforcement alert about water system cybersecurity threats.
“Recent EPA inspections have revealed that the majority of water systems inspected – over 70% – do not fully comply with requirements in the Safe Drinking Water Act and that some of those systems have critical cybersecurity vulnerabilities, such as default passwords that have not been updated and single logins that can easily be compromised,” said the administration.
It said that the alert is part of a government-wide effort led by the National Security Council and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to reduce cyberattack vulnerabilities.
“Attacks on the nation’s water system have increased in frequency and severity to a point where additional action is critical,” said the EPA. Apart from the alert, the agency will also ramp up inspections and pursue enforcement action to prevent danger.
“Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks,” said EPA Deputy Administrator Janet McCabe. “EPA’s new enforcement alert is the latest step that the Biden-Harris Administration is taking to ensure communities understand the urgency and severity of cyberattacks and water systems are ready to address these serious threats to our nation’s public health.”
Along with the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, the EPA recommended the following actions to protect water systems, among other suggestions:
· Reduce exposure to public-facing internet and other vulnerabilities
· Conduct regular cybersecurity assessments
· Immediately change default passwords
· Create cybersecurity incident response and recovery plans
· Conduct cybersecurity awareness training
“EPA Administrator Michael S. Regan and National Security Advisor Jake Sullivan also recently sent a letter to the nation’s governors on the urgency of the threats and the importance of collaboration across federal and state partners to develop comprehensive strategies to close gaps in cyber-resilience,” the EPA said.
After this meeting, National Security Council encouraged every state to work on mitigating significant cybersecurity vulnerabilities in their water and wastewater systems by late June. At the same time, the EPA is working with the Water Sector Coordinating Council and Water Government Coordinating Council to establish a Task Force.
After this meeting, the National Security Council encouraged every state to work on mitigating significant cybersecurity vulnerabilities in their water and wastewater systems by late June. At the same time, the EPA is working with the Water Sector Coordinating Council and Water Government Coordinating Council to establish a Task Force.
According to USA Today, “federal agencies have issued numerous advisories for cyberattacks against water and wastewater systems by foreign groups, including the Iranian Government Islamic Revolutionary Guard Corps, Russia state-sponsored actors, and China state-sponsored cyber actors, according to the EPA.”
An Iranian-linked cyber group called Cyber Av3ngers managed to hack into water authority infrastructure in Aliquippa, Pa., last year, said the outlet. Per federal authorities, the group was aiming to disrupt Israeli-made technology in the U.S. CNN reported also reported that a Russian-linked hacking group was tied to a cyberattack that caused a water system in the town of Muleshoe, Texas, to overflow this year.