EPA finding no improvement in water systems' cyber hygiene.
The U.S. Environmental Protection Agency has said that cyber attacks targeting water utilities across the country have increased in frequency and severity.
In an enforcement alert, EPA urged community water systems to take immediate steps to reduce cybersecurity vulnerabilities and protect the nation's public drinking water supplies. It identified "alarming" cybersecurity vulnerabilities in some water systems, such as default passwords being used, and single logins for all staff, reports USA Today.
EPA said that many of its requirements to protect water systems are "basic cyber hygiene practices," the agency said potential cyber attacks can cause significant impacts on both water utilities and consumers.
Last November, an Iranian-linked cyber group, Cyber Av3ngers, hacked into water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure — and one that includes technology manufactured in Israel.
In March, EPA Administrator Michael Regan and National Security Advisor Jake Sullivan sent a letter to all 50 U.S. governors asking states to develop a plan to secure water systems against cyber threats.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.