EPA moves to form Water Sector Cybersecurity Task Force

0
hacker-stock-image
The joint agency letter went on to describe the pattern of behaviour from the China-based cyberthreat as “not consistent with traditional cyber espionage”. Photo Credit: Peshkov, stock.adobe.com

The U.S. Environmental Protection Agency (EPA) is forming a Water Sector Cybersecurity Task Force to combat hacking threats faced by water systems throughout the country.

The March 19 joint announcement with the National Security Council (NSC) said the task force will identify near-term actions and strategies and aim to prevent vulnerabilities in water systems to reduce the risk of cyberattacks. 

“Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks,” announced EPA Administrator Michael Regan in a statement. 

The EPA and NSC held a virtual meeting on March 21 that invited state level environmental, health and homeland security secretaries to discuss priority gaps in cybersecurity efforts.

Subscribe to our Newsletter!

The latest environmental engineering news direct to your inbox. You can unsubscribe at any time.

The invitation highlighted two actors that pose ongoing cybersecurity threats, including the Iranian Government Islamic Revolutionary Guard Corps, and the People’s Republic of China state-sponsored cyber group known as Volt Typhoon. 

The Iran-based threats made headlines in late 2023. The Municipal Water Authority of Aliquippa, Pennsylvania, shared a photograph of a hacked human-machine interface from a compromised Unitronics PLC at a pump boosting station on November 25. The screen displayed the hacker’s electronic calling card: “Every equipment made in Israel is Cyber Av3ngers legal target.” 

The joint agency letter went on to describe the pattern of behaviour from the China-based cyberthreat as “not consistent with traditional cyber espionage”.

“Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts,” the agencies noted.

The EPA said it will engage the Water Sector and Water Government Coordinating Councils to form the Water Sector Cybersecurity Task Force, and build on recommendations from the virtual meeting. 

The EPA reminded water authorities that it has guidance, tools, training, resources, and technical assistance to help water systems execute cybersecurity tasks.   

In late 2023, a federal appeals court decision prompted the EPA to rescind its plan to mandate cybersecurity testing within the water utilities sector. The decision followed legal challenges by water associations that described the plan’s measures as costly and flawed.

No posts to display

LEAVE A REPLY

Please enter your comment!
Please enter your name here