Biden administration warns states of possible attacks on water systems from foreign hackers

The Biden administration warned state leaders that cyberattacks from hackers linked to Iran and China could take down water systems across the U.S. if cybersecurity measures are not taken out of precaution.

In a letter to state governors, Environmental Protection Agency administrator Michael S. Regan and Jake Sullivan, the assistant to the President for national security affairs, said cyberattacks are targeting water and wastewater systems throughout the U.S.

“These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities,” the two wrote.

{snip}

The letter highlighted two recent and ongoing threats posing a risk to water systems in the U.S.

One threat involved hackers linked to the Iranian government’s Islamic Revolutionary Guard Corps (IRGC), which have carried out attacks on drinking water systems and other critical elements of infrastructure.

Regan and Sullivan said the IRGC cyberattacks went after and disabled technology used at water facilities after the facility neglected to change the default manufacturer password.

In the other highlighted threat, the People’s Republic of China (PRC) state-sponsored hacker group, Volt Typhoon, compromised information technology of critical infrastructure systems, including drinking water facilities, in the U.S. and its territories.

“Volt Typhoon’s choice of targets and pattern of behavior are not consistent with traditional cyber espionage,” the letter read. “Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts.”

{snip}

The EPA is currently the lead agency that addresses and ensures the country’s water is safe from threats and hazards.

Now the agency is asking for state, local, tribal and territorial governments to do their part in ensuring the water sources are safe from cyberattacks.

Something as simple as resetting default passwords or updating software to address known vulnerabilities could be taken to fend off these types of attacks, according to the letter.

The EPA also plans to engage the Water Sector and Water Government Coordinating Councils to establish the Water Sector Cybersecurity Task Force. The task force will be formed to identify significant vulnerabilities of water systems to cyberattacks as well as the challenges these systems face when it comes to adopting cybersecurity best practices.

{snip}

Sullivan and Regan also plan to hold a virtual meeting with state leaders on Thursday to discuss the need to safeguard the critical water sector against cyberattacks.

“Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks,” Regan said. “EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems.”

* Original Article:

https://www.foxnews.com/politics/biden-administration-warns-states-possible-attacks-water-systems-foreign-hackers.amp