U.S. Lawmakers Seek To Strengthen Cybersecurity At Drinking Water Plants
Following an unprecedented cyberattack on a water treatment plant in Oldsmar, Florida, bipartisan lawmakers are attempting to institute new legislation that would better protect critical infrastructure in the future.
If passed, the Department of Homeland Security Industrial Control Systems Act would grant additional authority to the nation’s Cybersecurity and Infrastructure Security Agency (CISA) to protect systems like water utilities against digital attacks. CISA would be expected to detect and respond to such attacks and provide information on potential vulnerabilities to critical infrastructure groups.
“Lawmakers rolled the bill out a month after officials in Oldsmar, Fla., announced that a hacker had unsuccessfully attempted to tamper with systems at the town’s water treatment facility to poison the water,” The Hill reported. “[House Homeland Security Committee ranking member John] Katko… emphasized the need to strengthen the CISA in the face of evolving threats and as it works to respond to several recent major cyberattacks.”
As the U.S. House of Representatives weighs the merits of the bill, it’s clear that there is an emerging threat to drinking water systems’ ability to provide safe effluent. The Oldsmar attack demonstrated to many just how susceptible some of this infrastructure can be in the face of sophisticated cyber criminals.
“The experts say the sorts of rudimentary vulnerabilities revealed in the breach — including the lack of an internet firewall and the use of shared passwords and outdated software — are common among America’s 151,000 public water systems,” according to ProPublica. “The consequences of a major water system breach could be calamitous; thousands sickened from poisoned drinking water; panic over interrupted supplies; widespread flooding; burst pipes and streams of overflowing sewage.”
But beefing up cybersecurity at drinking water utilities, along with other critical infrastructure systems, won’t be easy. It would likely require the passage of this latest bill, along with others and continued diligence to truly address the growing threat that cyberattacks pose. Even the $650 million approved to support CISA as part of a recent COVID-19 relief package is a mere drop in the bucket.
“$650 million … is a down payment,” Acting CISA Director Brandon Wales said, per The Hill. “It accelerates some of these efforts, but this is going to require sustained investment.”
To read more about how drinking water systems work to prevent cyberattack, visit Water Online’s Resiliency Solutions Center.