EPA Cracks Down on Cyberattacks Against Water Companies
The Environmental Protection Agency (EPA) has announced it will ramp up scrutiny of community water systems after finding over 70% of those reviewed did not meet security requirements.
The news comes as part of a government-wide effort to mitigate national infrastructure and cybersecurity vulnerabilities as attacks on the nation’s water system have grown in frequency and severity.
“Protecting our nation’s drinking water is a cornerstone of EPA’s mission and we are committed to using every tool, including our enforcement authorities, to ensure that our nation’s drinking water is protected from cyberattacks,” said Janet McCabe, EPA’s deputy administrator.
“EPA’s new enforcement alert is the latest step that the Biden-Harris administration is taking to ensure communities understand the urgency and severity of cyberattacks and water systems are ready to address these serious threats to our nation’s public health.”
In EPA’s recent reviews, it found most water systems did not fully comply with the Safe Drinking Water Act, and some had “critical” cybersecurity vulnerabilities, such as old passwords or easily guessed logins.
In response, the EPA said it would ramp up inspections and take criminal action against those who failed to comply.
Among the recommendations released by the EPA for water companies was to change default passwords, review all operational and IT assets, and conduct cybersecurity awareness training for staff.
EPA is also working to establish a task force to identify additional near-term strategies to reduce cybersecurity risks of water and wastewater systems.
The National Security Council has asked states to identify their most vulnerable water systems and develop strategies to mitigate those risks by late June as part of the government’s push for safer water systems.
Please click HERE to view the original article.