States Must Report Water-System Cyberthreats
The Biden administration will require states to report cybersecurity threats in their audits of public water systems, the Associated Press reports.
What’s happening: “The Environmental Protection Agency said public water systems are increasingly at risk from cyberattacks that amount to a threat to public health. ‘Cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable,’ said EPA Assistant Administrator Radhika Fox. ‘Cyberattacks have the potential to contaminate drinking water.’”
- The EPA, which said voluntary disclosure measures have been ineffective, will help states and water systems build their cybersecurity programs, according to Fox.
- The announcement follows the White House’s release of a larger cybersecurity plan to counter increasing threats to government agencies and other key U.S. infrastructure.
Why it’s important: Surveys show that states are inconsistent when it comes to protecting drinking water from cyberthreats, the Biden administration said. And many water systems lack cybersecurity protections, according to the EPA.
- In 2021, a hacker attempted to poison the water supply of St. Petersburg, Florida, using a remote access system. A supervisor caught the activity on a plant console and stopped it.
Will it work? There’s some doubt about whether the requirements will prove effective, however.
- “Mike Hamilton, former chief security officer for the city of Seattle, said performing such assessments would be hard to do at scale across water utilities, which vary greatly in size and resources across the country.”