ALERT: Drinking Water Warning

( – In an effort to avoid widespread disaster, the Environmental Protection Agency (EPA) recently sent out a strong message urging water utilities across the nation to urgently boost their cybersecurity measures.

This move comes after it was found that most U.S. water systems do not fully comply with the Safe Drinking Water Act, as some have critical security flaws like unchanged default passwords and single vulnerable logins.

Cyberattacks on water systems can disrupt treatment and storage processes, damage essential equipment and even alter chemical levels to dangerous extents.

EPA Deputy Administrator Janet McCabe said it was important for water systems to complete thorough risk assessments, including cybersecurity, and integrate these plans into their operations.

Recent incidents highlight the threats posed by international actors. Groups linked to China, Russia and Iran have not only disrupted U.S. water systems but may have embedded capabilities for future attacks.

Notable breaches include actions by the Iranian-linked “Cyber Av3ngers,” a Russian-affiliated hacktivist group targeting Texas utilities, and China-linked “Volt Typhoon,” which compromised systems across U.S. infrastructure.

Cybersecurity expert Dawn Cappelli from Dragos Inc. remarked on these threats’ serious nature, noting, “By working behind the scenes with these hacktivist groups, now these (nation states) have plausible deniability and they can let these groups carry out destructive attacks. And that to me is a game-changer.”

In response to these rising concerns, the EPA and the White House have previously warned about potential cyber threats from groups tied to the Iranian Government’s Islamic Revolutionary Guard Corps.

These warnings stress the vulnerability of water systems, which are crucial but often under-resourced infrastructure sectors.

To help tackle these issues, the EPA is offering free training to water utilities to improve their cybersecurity defenses.

Key recommendations include moving away from default passwords and developing robust risk assessment plans.

Addressing these cybersecurity challenges is especially daunting for the many small, underfunded community water providers in the U.S., which primarily focus on meeting essential needs and regulatory compliance.

Experts like Amy Hardberger from Texas Tech University and Kevin Morley from the American Water Works Association highlight the need for significant federal support to equip these utilities so they can manage cyber threats effectively.

Morley advocates for a balanced approach that accommodates different water systems’ diverse needs and capabilities.

Copyright 2024,