Federal Warning Highlights Cyber Vulnerability of US Water Systems

The White House urged operators of water and wastewater systems to review and beef up their security controls against attacks by Iran- and China-based groups.

A new White House advisory about threat groups from Iran and China targeting US water and wastewater systems has once again focused attention on the continuing vulnerability of the sector to disruptive cyberattacks.

The warning — signed jointly by EPA administrator Michael Regan and Jake Sullivan, President Biden’s national security advisor — calls on operators of water and water treatment facilities to urgently review their cybersecurity practices. It advocates the need for stakeholders to deploy cyber-risk mitigation controls where needed and to implement plans to prepare for attacks and to respond and recover from them.

A Call to Action

“In many cases, even basic cybersecurity precautions — such as resetting default passwords or updating software to address known vulnerabilities — are not in place and can mean the difference between business as usual and a disruptive cyberattack,” the White House warned.

The memo stems from concerns over attacks like the one last November on the Municipal Water Authority of Aliquippa in Pennsylvania by an Iranian state-sponsored group called CyberAv3ngers. In that attack, the threat actor gained control of and shut down a Unitronics programmable logic controller (PLC) for monitoring and regulating water pressure in two townships. Though the attack ended up not posing any risks to the drinking water and water supply in the two communities, it served as a warning of the potential damage that adversaries could cause by targeting water systems.

Source: Darkreading.com