Most Water Systems Fail To Meet Code
In a recent report, federal agencies found that more than 70% of the United States drinking water systems don’t fully comply with the Safe Drinking Water Act requirements.
Source: Ivan Bandura/Unsplash
The EPA added that many water utility companies lack critical cybersecurity protections. Customer data can easily be accessed by sophisticated hackers who intend to penetrate web pages and servers. Even more, hackers can infiltrate systems to stop the flow of drinking water, alter the usage of chemicals, and more.
Recent Cyber Attacks Compromised a Third of All American’s Data
A recent cyberattack on a UnitedHealth Group subsidiary compromised the detailed billing information of almost a third of all U.S. residents. A group of hackers by the monicker “BlackCat” shut down the billing system that accounts for billions of dollars collected daily.
Sora Shimazaki/Pexels
The company was able to reinstate its billing process when the company’s CEO wired the hackers $22 million as a ransom payment. The attack that took place in February is still under investigation, and the full scope of compromised data has yet to be determined.
Potential Impacts of Cyberattacks
The full implications of cyberattacks on water utility companies have yet to be fully known. But for now, the possibilities include interruptions to water treatment and storage and damage to pumps and valves. Chemicals used in water and sewage treatment facilities could also be altered to a dangerous level.
Source: Freepik
The EPA warns that hackers could interrupt the computer processes that help many water facilities run. In a press release, EPA Deputy Administrator Janet McCabe said, “In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business.”
Possible Culprits Identified
The press release details that China, Russia, and Iran have “disrupted some water systems with cyberattacks and may have embedded the capability to disable them in the future.”
Source: Egor Filin/Unsplash
The constant manipulation by foreign governments has raised concerns about national security in the past. Recently, Russia has been accused of attempting to interfere with the 2024 U.S. Presidential election.
Recent Cyberattacks: a Warning of More To Come
In late 2023, an Iranian hacker group known as “Cyber Av3ngers” threatened a small Pennsylvania town’s water provider. A utility company in Texas faced similar threats when a Russian-linked “hacktivist” group attempted to disrupt regular operations.
More cyberattacks were recorded when a group in China called “Volt Typhoon” compromised multiple infrastructure systems, including drinking water in the U.S. and worldwide. Experts warn that more attacks are expected as the world becomes increasingly accessible online.
The White House Warned of Water-Related Attacks in March
The EPA’s alert on Monday closely follows the White House’s warnings in March that potential attacks threatened the U.S.’s water systems.
Source: Wikimedia Commons
The White House issued a letter to all 50 U.S. governors detailing detailed information. The letter noted that the Iranian Government Islamic Revolutionary Guard Corps (IRGC) has executed several “malicious cyberattacks” against drinking water systems and other infrastructure.
Water Systems are Attractive Targets for Hackers
Micheal S. Regan, an EPA administrator, and White House National Security Adviser Jake Sullivan wrote that “Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices.”
Source: @no_okiedoke/X
Cutting off essential services to residents could pose an immediate danger. Hackers often look for the most vulnerable systems that they can exploit to accomplish their goals.
Better Training Needed for Water Utility Companies
To better protect essential infrastructure, more comprehensive training and systems updates will be needed by the wastewater companies.
Source: Kristine Wook/Unsplash
Better cyber security can only protect the American people and prevent covert attacks. Hackers often use weak spots in security systems to access detailed customer information or sensitive company processes.
The EPA Will Assist in Training Water Utility Companies
To gain better security, smaller water companies will have the free assistance of the EPA to upgrade their security measures. McCabe said water providers should avoid using default passwords and will need to update their risk assessment plan in case of an emergency.
Source: Wikimedia Commons
Water treatment plants also need functioning backup systems in case hackers can destroy them from the inside.
Cyberthreats Will Be Difficult To Deal with in the Expansive System
More than 50,000 community water providers operate throughout the U.S. Helping each of these small companies will be an expansive task. Many operate with minimal staff and tiny budgets without much room for costly cyber upgrades.
Source: @WaterUCIrvine/X
Most water providers in the country focus on meeting basic needs, providing clean water, and complying with basic regulations.
More Resources Are Needed To Resolve the Threat
Amy Hardberger, a water expert at Texas Tech University, said of the security overhaul, “Certainly, cybersecurity is part of that, but that’s never been their primary expertise. So, now you’re asking a water utility to develop this whole new sort of department.”
Source: @TexasTech/X
Forcing small utility companies to overhaul their systems or create entirely new departments is a lot to ask. The government will need more resources to assist in protecting national security on a small scale.