BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Conquering Fear To Unleash Generosity In Philanthropy
The Best Workforce For Your Organization May Be A Talent Network
Shaken (Not Stirred) Competition: The Rise Of Aston Martin In F1
Consumer Data Privacy Regulation Is Now In The Spotlight
Finding Our Soul In Civility
How Professional Sports Leagues Can Thoughtfully Expand In Africa
Edit Story
ForbesLeadershipLeadership Strategy

Biden Administration Seeks To Bolster Defenses Against Cyberattacks On Water Systems

Edward Segal
Senior Contributor
Opinions expressed by Forbes Contributors are their own.
I cover crisis-related news, issues and topics.
Following
This article is more than 2 years old.

A new initiative announced by the Biden administration is designed to help bolster the country’s defenses against possible cyberattacks on the country’s 150,000 public water systems that serve 300 million Americans.

According to a White House fact sheet, the Water Sector Action plan outlines actions that will take place over the next 100 days to improve the cybersecurity of the water sector.

It noted that, “the incidents at Colonial Pipeline, JBS Foods, and other high-profile critical infrastructure providers are an important reminder that the federal government has limited authorities to set cybersecurity baselines for critical infrastructure and managing this risk requires partnership with the private sector and municipal owners and operators of that infrastructure.”

Similar to electric and pipeline action plans, the White House said the new plan will assist owners and operators with deploying technology that will monitor their systems and provide near real-time situational awareness and warnings. The plan will also allow for rapidly sharing relevant cybersecurity information with the government and other stakeholders, which will improve the sector’s ability to detect malicious activity.

‘An Increasing Threat To Water Systems’

EPA Administrator Michael Regan said cyberattacks represent an "increasing threat to water systems and thereby the safety and security of our communities."

MORE FROMFORBES ADVISOR

Best Travel Insurance Companies

By
Amy Danise
Editor

Best Covid-19 Travel Insurance Plans

By
Amy Danise
Editor

"As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America," Regan said. "EPA is committed to working with our federal partners and using our authorities to support the water sector in detecting, responding to, and recovering from cyber-incidents."

According to the EPA, The Water and Wastewater Sector Action Plan focuses on promoting and supporting the water sector’s adoption of strategies for the early detection of cyber-threats and allow for the rapid sharing of cyber-threat data across the government in order to expedite analysis and action. Actions include:

  • Establishing a task force of water sector leaders.
  • Implementing pilot projects to demonstrate and accelerate adoption of incident monitoring.
  • Improving information sharing and data analysis.
  • Providing technical support to water systems.

Advisory From Federal Security Agencies

Last October, the Cybersecurity and Infrastructure Agency issued a joint advisory with other security agencies. It highlighted “ongoing malicious cyber activity—by both known and unknown actors—targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities.

“This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of [water systems] to provide clean, potable water to, and effectively manage the wastewater of, their communities.”

Cyberattack On Florida Water Treatment Facility

CNN reported last year that, “Cybersecurity experts have long warned that insecure remote work software is a major source of weakness for hacking.

“The issue was brought into stark relief on February 5, when hackers gained access to a Florida water treatment facility by using a dormant remote access software and then tried to poison the water supply. The hack was quickly caught by a human operator at the facility, but the incident highlights a potential economy-wide problem as the Covid-19 pandemic has pushed millions of workers to work from home.”

Attempt To Poison Water Treatment Plant

In June 2021, NBC News reported that a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. “It didn’t seem hard. The hacker had the username and password for a former employee's TeamViewer account, a popular program that lets users remotely control their computers, according to a private report compiled by the Northern California Regional Intelligence Center in February and seen by NBC News.

“But of all the country's critical infrastructure, water might be the most vulnerable to hackers: the hardest in which to guarantee everyone follows basic cybersecurity steps, and the easiest in which to cause major, real-world harm to large numbers of people.”

‘Starved For Funding’

Riggs Eckelberry, founder and CEO of OriginClear, a water treatment equipment company, observed that, "Washington has displayed a dismaying lack of interest in our 150,000 water systems—perhaps because they are local and relatively unregulated. The reasons are complex but the bottom line is we are falling behind by $75 billion every year in terms of water infrastructure need.

He noted that, “We are quite unprepared” for a major cyberattack on U.S. water system. “There are few reservoirs of clean water outside of the municipal water districts and we are frankly, not ready.”

Follow me on Twitter or LinkedInCheck out my website or some of my other work here
Edward Segal
Edward Segal