Summary
The U.S. Environmental Protection Agency (EPA) has issued guidance aimed at enhancing cybersecurity practices for water and wastewater systems (WWSs) amidst increasing cyber threats. This initiative comes in response to a series of recent cyberattacks targeting water facilities, prompting the need for robust security measures to protect critical infrastructure.
In the past few months, the water sector has experienced heightened risks, including cyberattacks linked to foreign threat actors. For example, a cyberattack on Arkansas City’s water treatment facility forced a switch to manual operations to safeguard the water supply. Following this incident, the EPA provided guidance to help WWS operators assess their cybersecurity measures and implement strategies to mitigate vulnerabilities. The advisory aligns with warnings from organizations like the Water Information Sharing and Analysis Center (WaterISAC), which highlighted threats from Russian-linked cyber actors. As these incidents underscore the critical need for improved cybersecurity, the EPA’s guidance serves as a crucial resource for water utilities striving to fortify their defenses against potential breaches.
Recent Cyber Incidents
- Arkansas City: A cyberattack led to a temporary switch to manual operations at the water treatment facility, although officials assured the public that water quality remained unaffected.
- American Water: The largest publicly traded water utility in the U.S. shut down certain systems following a cyberattack, although it reported no negative impact on water operations.
Government Response
The EPA’s guidance comes after a broader call from the federal government for states to strengthen their water system defenses against cyber threats. This proactive approach aims to enhance the resilience of critical water infrastructure in the face of growing cyber risks, ensuring the safety and reliability of water services across the nation.
American Water shuts down online services after cyberattack
Oct. 7 / Bleepingcomputer / Covers American Water's proactive response to a cyberattack, emphasizing its scale and the company's commitment to security, while drawing parallels to recent incidents, underscoring the urgency of the EPA's guidance. “ American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday...
Kansas water plant cyberattack forces switch to manual operations
Sep. 24 / Bleepingcomputer / Highlights the immediate impact of the Arkansas City cyberattack, providing timely details and context about heightened threats to water systems, while also linking to broader cybersecurity concerns in the sector. “ Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a...