Matthew Impelli
A warning about drinking water was issued nationwide this week over concerns about potential cyberattacks.
"Disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities," Michael S. Regan, an administrator with the Environmental Protection Agency (EPA) and White House National Security Adviser Jake Sullivan, said in a letter to governors nationwide.
"We are writing to describe the nature of these threats and request your partnership on important actions to secure water systems against the increasing risks from and consequences of these attacks," the letter added.
The letter noted that threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) have executed several "malicious cyberattacks" against the U.S.'s infrastructure, such as drinking water systems.
"In these attacks, IRGC-affiliated cyber actors targeted and disabled a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password," the letter said.
In November, CNN reported that federal authorities were investigating an Iranian cyberattack on a water utility facility in Pennsylvania.
"We are closely engaged with sector and interagency partners to understand this evolving situation and provide any necessary support or guidance," Cybersecurity and Infrastructure Security Agency (CISA) senior official Eric Goldstein said in a statement to CNN.
In a joint statement, Pennsylvania lawmakers including Congressman Chris Deluzio and Senators Bob Casey and John Fetterman said, "If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States. Folks in Pennsylvania and across the country deserve peace of mind that basic infrastructure such as their drinking water is safe from nation-state adversaries and terrorist organizations."
The letter from the EPA and the White House added that officials are aware of a People's Republic of China (PRC) state-sponsored cyber group called, Volt Typhoon, which has "has compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories."
"Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices," the letter said.
"We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices to identify any significant vulnerabilities, deploy practices and controls to reduce cybersecurity risks where needed, and exercise plans to prepare for, respond to, and recover from a cyber incident."
No comments:
Post a Comment