Connect with us

Hi, what are you looking for?



White House Calls on States to Boost Cybersecurity in Water Sector 

The White House is calling on state environmental, health, and homeland security agencies to convene on safeguarding water systems.

ICS malware Fuxnet

The White House has invited state environmental, health, and homeland security agencies to a meeting to discuss safeguarding the water and wastewater critical infrastructure.

Set for Thursday, March 21, at 1pm EST, the one-hour virtual meeting will highlight US government efforts to improve cybersecurity in the water sector, discuss gaps, and urge immediate action from states and water systems.

Water and wastewater systems across the US are targeted with disabling cyberattacks that could “disrupt the critical lifeline of clean and safe drinking water,” the White House says in a letter (PDF) to US governors requesting their partnership.

Threats to water systems, the letter reads, include Iranian and Chinese state-sponsored threat actors, which have carried out malicious cyberattacks targeting the US critical infrastructure.

Hacking groups associated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC), the White House says, have targeted drinking water systems, disabling operational technology that used a default manufacturer password.

The letter also notes that the Chinese threat actor Volt Typhoon has infiltrated information technology of US critical infrastructure systems, including drinking water, to pre-position themselves for disrupting their operations in the event of conflicts.

“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” the White House notes in its letter.

As such, the Biden-Harris administration is asking government agencies to aid the Environmental Protection Agency (EPA), the governmental entity in charge of safeguarding the water sector, in addressing the risk of cyberattacks on water critical infrastructure.

Advertisement. Scroll to continue reading.

“We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices to identify any significant vulnerabilities, deploy practices and controls to reduce cybersecurity risks where needed, and exercise plans to prepare for, respond to, and recover from a cyber incident,” the letter reads.

The White House also announced that the EPA will work with water sector partners to form a Water Sector Cybersecurity Task Force aimed at identifying “near-term actions and strategies to reduce the risk of water systems nationwide to cyberattacks”.

The EPA and the cybersecurity agency CISA provide guidance and various resources to help water systems improve their resilience to threats and hazards, the White House also points out.

Related: US Government Issues Guidance on Securing Water Systems

Related: Major US, UK Water Companies Hit by Ransomware

Related: US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Kim Larsen is new Chief Information Security Officer at Keepit

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

More People On The Move

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...


Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...


Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.


US National Cybersecurity Strategy pushes regulation, aggressive 'hack-back' operations.