The Biden administration has issued a stark warning to the nation’s governors about the increasing threat of cyberattacks on the United States’ water and wastewater systems. National Security Affairs assistant Jake Sullivan and Environmental Protection Agency Administrator Michael S. Regan alerted in a joint letter that foreign nations are orchestrating disabling cyberattacks targeting the operations of these critical utilities. These attacks pose a significant threat to the provision of clean and safe drinking water, potentially leading to substantial impacts on communities.

Two notable incidents were highlighted to underscore the severity of the threat.

• First, a facility, indirectly identified as the Municipal Water Authority of Aliquippa in Pennsylvania, was compromised by Iranian government-backed hackers using a default administrator password, leading to a temporary shutdown of a critical water pump.
• The second incident involved the Chinese government-backed group, Volt Typhoon, which has infiltrated multiple critical infrastructure sectors, including water, preparing for potential disruption in the event of crises. This group has been lurking within some networks for up to five years.

In response to these threats, the letter urges water facilities to adopt basic cybersecurity measures like changing default passwords and updating software. It also references a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and the EPA to provide resources, guidance, and a task force aimed at identifying vulnerabilities within water systems.

A meeting for state governors’ secretaries is scheduled to discuss strategies for enhancing the sector’s cybersecurity resilience, marking a serious commitment by federal agencies to combat these cyber threats.