By Peter Chawaga
As hacking attempts have become a larger threat to some of the country’s most critical infrastructure, President Biden’s administration is getting ready to follow through on promises to tighten cybersecurity efforts and better protect that infrastructure.
“The Biden administration is readying a proposal to shore up the cybersecurity of the U.S. water supply, a system maintained by thousands of organizations with sometimes glaring vulnerabilities to hackers,” The Wall Street Journal reported. “The plan broadens a White House initiative to persuade key industrial companies to upgrade technology for detecting cyberattacks. U.S. officials hope water utilities will analyze and voluntarily report such data to help authorities monitor threats to different types of critical infrastructure.”
U.S. authorities recently revealed that at least four ransomware attacks had infiltrated water and wastewater facilities in recent months, with bad actors nearly managing to poison drinking water in Florida, California, and Maryland.
“The move comes amid deep concern about the damage hackers could do to critical infrastructure, with an attack that damages or contaminates water supplies being extremely dangerous,” as The Washington Post put it. “Water utilities are especially vulnerable because their cybersecurity often depends on the resources of their jurisdictions.”
Those recent hacking instances have apparently motivated authorities to seek ways that water systems can better protect themselves, and potentially ways that their jurisdictional resources can be improved. Trade groups within the water sector are reportedly now evaluating the White House’s draft and determining how federal officials could help systems better report the data on these attacks.
“As a part of the White House plan, the Environmental Protection Agency, which oversees the cybersecurity of water utilities, will work with the Cybersecurity and Infrastructure Security Agency to help utilities improve their ability to spot such attacks,” per the Journal.
But the White House has declined to set a specific date for when the initiative would be launched, and it appears to have obstacles of its own. The EPA has not placed cybersecurity requirements on utilities, and it may be a challenge to get such a wide network of systems to comply with a large program like this voluntarily.
“Implementing such programs could be challenging for the water sector,” the Journal reported. “More than 50,000 entities maintain the U.S. water supply … while security experts have criticized the EPA for lacking cyber staff and expertise to oversee such a fragmented sector.”
Still, as the threat of cyberattacks on these critical systems increases, any federal efforts to curb that threat will almost certainly be welcomed by drinking water and wastewater utilities.
To read more about how drinking water and wastewater utilities manage the threat of cyberattack, visit Water Online’s Resiliency Solutions Center.