White House, EPA warn water sector of cybersecurity threats – CyberScoop

By

The White House sent a stark warning to U.S. governors on Monday that “disabling” cyberattacks targeting water systems are occurring throughout the United States, in what is the Biden administration’s latest plea to state authorities to direct more resources and attention to protecting water utilities. 
In their letter, the White House and the Environmental Protection Agency invited state officials to a Thursday meeting to discuss how to improve digital defenses for the more than 150,000 utilities in the U.S. The EPA is also setting up a water sector cybersecurity task force that will outline some of the biggest challenges the sector faces and develop strategies to defend against the threat.
“Disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities,” National Security Advisor Jake Sullivan and EPA Administrator Michael Regan wrote in the letter.
The letter pointed to the China-sponsored hacking group Volt Typhoon’s targeting of critical infrastructure sectors like drinking water in the U.S. as an example of the threat. National security officials have been sounding the alarm that Volt Typhoon’s intrusion suggests that China is pre-positioning itself to carry out disruptive attacks in the event of a conflict over Taiwan.
Speaking to reporters last week ahead of his retirement, NSA Cybersecurity Director Rob Joyce warned that federal investigators are continuing to discover victims of Volt Typhoon’s hacking campaign and that the full scope of the group’s spree remains unclear.
According to Joyce, the campaign has two primary objectives: being able to disrupt U.S. communication with and military deployment to East Asia in the event of a conflict between the United States and China, and to disable critical U.S. systems and incite widespread panic in a crisis. 
Monday’s letter, points out that water systems face attacks by other groups as well, including opportunistic attacks by a group known as the Cyber Av3ngers — an outfit linked to the Iranian Islamic Revolutionary Guard Corps. That group was responsible for attacks on devices made by the Israeli firm Unitronics that impacted several water facilities in the U.S.
While there is no evidence that the attacks were specifically targeting the water sector, the Iran-linked hacking group was only able to breach the devices due to the failure of Unitronics and the water facilities to change the default password. The letter said that basic cybersecurity precautions like changing the default password “can mean the difference between business as usual and a disruptive cyberattack.”
The EPA had attempted to impose more stringent cybersecurity rules for water utilities, but backed off that effort last year amid legal challenges to the effort. 
The EPA initiative relied on a creative approach to use the agency’s sanitation authorities to impose some measure of cybersecurity mandates on a water industry that currently lacks binding rules for how to protect its digital systems. 
The move was part of a larger attempt to add more stringent cybersecurity regulations to critical infrastructure sectors, many of which are unregulated when it comes to cybersecurity. In the absence of the EPA rules, the water sector continues to have no binding cybersecurity rules. 
Major portions of the water sector are notoriously underfunded to secure themselves against state-backed threats, and experts have called for the need for additional funds in order to improve defenses.
Monday’s letter points to existing resources for the sector through both the EPA and the Cybersecurity and Infrastructure Security Agency, and notes that the upcoming meeting will highlight efforts by the government to promote secure practices as well as discuss the need for additional action.

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *