The White House has invited state environmental, health, and homeland security agencies to a meeting to discuss safeguarding the water and wastewater critical infrastructure.
Set for Thursday, March 21, at 1pm EST, the one-hour virtual meeting will highlight US government efforts to improve cybersecurity in the water sector, discuss gaps, and urge immediate action from states and water systems.
Water and wastewater systems across the US are targeted with disabling cyberattacks that could “disrupt the critical lifeline of clean and safe drinking water,” the White House says in a letter (PDF) to US governors requesting their partnership.
Threats to water systems, the letter reads, include Iranian and Chinese state-sponsored threat actors, which have carried out malicious cyberattacks targeting the US critical infrastructure.
Hacking groups associated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC), the White House says, have targeted drinking water systems, disabling operational technology that used a default manufacturer password.
The letter also notes that the Chinese threat actor Volt Typhoon has infiltrated information technology of US critical infrastructure systems, including drinking water, to pre-position themselves for disrupting their operations in the event of conflicts.
“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” the White House notes in its letter.
As such, the Biden-Harris administration is asking government agencies to aid the Environmental Protection Agency (EPA), the governmental entity in charge of safeguarding the water sector, in addressing the risk of cyberattacks on water critical infrastructure.
“We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices to identify any significant vulnerabilities, deploy practices and controls to reduce cybersecurity risks where needed, and exercise plans to prepare for, respond to, and recover from a cyber incident,” the letter reads.
The White House also announced that the EPA will work with water sector partners to form a Water Sector Cybersecurity Task Force aimed at identifying “near-term actions and strategies to reduce the risk of water systems nationwide to cyberattacks”.
The EPA and the cybersecurity agency CISA provide guidance and various resources to help water systems improve their resilience to threats and hazards, the White House also points out.
Related: US Government Issues Guidance on Securing Water Systems
Related: Major US, UK Water Companies Hit by Ransomware
Related: US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities