EPA cyberattack overview:
- Who: The Environmental Protection Agency (EPA) issued an enforcement alert to community drinking water system operators.
- Why: Many community drinking water system operators allegedly have vulnerable systems.
- Where: The EPA made the announcement from its Washington, D.C., office.
The Environmental Protection Agency (EPA) issued an enforcement alert to community drinking water system operators over potential cyberattacks.
The EPA worked with the National Security Council and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on the EPA cyberattack warning.
Threats against drinking water systems across the United States have increased, along with attacks to those systems, leading to the EPA drinking water alert, the warning states.
“Protecting our nation’s drinking water is a cornerstone of EPA’s mission, and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks,” EPA Deputy Administrator Janet McCabe says in the warning.
In March, the EPA sent a letter to governors regarding the water system threats and the importance of collaboration between federal and state networks to develop comprehensive strategies and reduce cyberattack risks.
70% of systems don’t comply with Safe Drinking Water Act, EPA says
EPA cyberattack inspections found 70% of systems do not comply with the Safe Drinking Water Act and have critical vulnerabilities such as the use of default passwords and single logins that would allow systems to be compromised, according to the warning.
The EPA drinking water alert comes as federal security and intelligence organizations work to identify vulnerabilities and learn from successful cyberattacks against U.S. water systems.
The EPA will increase planned inspections and take both civil and criminal enforcement actions in situations where it finds imminent and substantial risk, the alert says.
The EPA and its enforcement partners recommend systems:
- Reduce exposure to public-facing internet
- Conduct regular cybersecurity assessments
- Change default passwords immediately
- Conduct an inventory of OT/IT assets
- Develop and exercise cybersecurity incident response and recovery plans
- Back up OT/IT systems
- Reduce exposure to vulnerabilities
- Conduct cybersecurity awareness training
In other EPA news, the agency recently finalized the first-ever regulations for per- and polyfluoroalkyl substances (PFAS) in drinking water.
Are you concerned about a cyberattack to your local drinking water system? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
4 thoughts onEPA warns majority of drinking water systems vulnerable to cyberattack
Add me
Today I received a letter from the local water company. Quality Water Parameters should have been tested 10 samples per quarter. No samples were tested from October 1, 2023 to December 31, 2023. Heck we don’t know if our water is buggered up at this time.
We got a letter in the mail that our drinking water out of 7 tests sites, 2 of them contained lead, since I moved here, I’ve been so tired and my skin has a terrible rash, I’m very concerned it’s the water
I’m very concerned about the drinking water. I live in a suburb of Chicago where it’s well water and you can barely drink it now.