Safeguarding Water Systems: Addressing Cyber Threats and Ensuring Resilience

Dr. ADAM TABRIZ
4 min readMar 21, 2024

--

Photo By Bing Copilot

The recent surge in cyberattacks targeting water and wastewater systems across the United States has raised alarm bells within the critical infrastructure community. As threat actors become increasingly sophisticated, the need for robust security measures and interagency cooperation has never been more urgent. In this expository article, we delve into the specific actions recommended to secure water systems, explore the consequences of cyberattacks on affected communities, and shed light on the role of the Environmental Protection Agency (EPA) in addressing this critical issue.

1. Specific Actions to Secure Water Systems

Reducing Exposure to the Public-Facing Internet

Water and Wastewater Systems (WWS) entities must minimize their exposure to the public-facing internet. By limiting access points, they can reduce the risk of unauthorized entry and potential cyber threats.

Regular Cybersecurity Assessments

Frequent assessments are essential to identify vulnerabilities and weaknesses. By conducting regular cybersecurity assessments, WWS entities can proactively address potential risks and enhance their defenses.

Changing Default Passwords Immediately

Cybercriminals often exploit default passwords. WWS entities should promptly change default passwords to unique, strong ones to prevent unauthorized access.

Inventory of Operational Technology/Information Technology Assets

Maintaining an accurate inventory of assets is crucial. To ensure comprehensive protection, WWS entities should identify and track their operational technology (OT) and information technology (IT) assets.

Developing and Exercising Cybersecurity Incident Response and Recovery Plans

Preparedness is key. Well-defined incident response and recovery plans allow WWS entities to respond effectively to cyber incidents and minimize damage.

Backup OT/IT Systems

Regular backups of both OT and IT systems are essential. In case of a cyberattack, having backups ensures continuity and facilitates recovery.

Conducting Cybersecurity Awareness Training

Educating staff about cybersecurity best practices is vital. Regular training sessions help employees recognize threats and adopt secure behaviors.

2. Widespread Cyberattacks on Water Systems

The threat landscape is concerning. Cyberattacks on water and wastewater systems have become increasingly common. While exact numbers may vary, recent incidents indicate that less than 10 water facilities across the U.S. have been affected. These attacks disrupt critical services, compromise data, and jeopardize public health.

3. The Role of the EPA

The Environmental Protection Agency (EPA) is pivotal in safeguarding water infrastructure. Its mission includes ensuring clean air, land, and water for Americans. Specifically, the EPA:

Regulates and Enforces

The EPA regulates the manufacturing, processing, distribution, and use of chemicals and pollutants. It enforces findings through fines, sanctions, and other procedures.

Promotes Energy Efficiency and Environmental Stewardship

The EPA oversees programs to promote energy efficiency, sustainable growth, and pollution prevention. It emphasizes the importance of protecting water quality and critical infrastructure.

Addresses Vulnerabilities

The EPA collaborates with other agencies to address vulnerabilities. It encourages water systems to assess their security, implement best practices, and protect against cyber threats.

4. Why IRGC-Affiliated Threat Actors Target Water Infrastructure

The Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) is behind cyberattacks on water systems. These actors exploit known vulnerabilities, gain initial access, and engage in ransom operations. Their motivations include geopolitical tensions, economic disruption, and potentially undermining governments.

5. Consequences Beyond Disrupting Clean Water Supply

The impact extends beyond water disruption. Cyberattacks can cripple economies, undermine governments, and compromise critical services. For instance, the 2015 cyberattack on Ukraine demonstrated how a well-coordinated attack could ground an entire nation. The consequences are too severe to ignore, necessitating pre-planned contingencies and heightened vigilance.

6. Effective Collaboration for Mitigation

Federal authorities must collaborate closely with sector partners. Information sharing, joint exercises, and coordinated responses are essential. By working together, we can enhance resilience, protect communities, and ensure the uninterrupted flow of clean water.

In conclusion, securing water systems against cyber threats requires collective effort, proactive measures, and unwavering commitment. Let us prioritize the safety of our water infrastructure and fortify our defenses to safeguard public health and well-being.

Source(s)

1. Iran-linked cyberattacks threaten equipment used in U.S. water systems …

2. Iran-linked cyberattacks threaten equipment used in U.S. water systems …

3. What Is the Environmental Protection Agency (EPA)? What It Does

4. What EPA Is Doing About Climate Change | US EPA

5. Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors …

6. With cyberattacks growing more frequent and disruptive, a unified …

7. Cyberattacks are targeting US water systems, warns EPA and White House

8. Iran-linked cyberattacks threaten U.S. water, heath care and energy …

9. Updated: Top Cyber Actions for Securing Water Systems | CISA

10. Cyber Security: How Water Utilities Can Protect Against Threats

11. Cyber Security: How Water Utilities Can Protect Against Threats

12. Ongoing Cyber Threats to U.S. Water and Wastewater Systems

13. Top Cyber Actions for Securing Water Systems — CISA

14. Iran Cyber Threat Overview and Advisories | CISA

15. CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber …

16. Joint Cybersecurity Advisory — Iranian Islamic Revolutionary Guard …

17. IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors … — CISA

18. The real-world impacts of cyberattacks | Security Magazine

19. Our cities are under cyberattack. Here’s why — and what to do about it …

20. Cyberattacks and Supply Chain Disruptions — Liberty Street Economics

21. Our Mission and What We Do | US EPA — U.S. Environmental Protection Agency

22. How the EPA Protects Our Environment and Health — NRDC

--

--

Dr. ADAM TABRIZ

In this vast tapestry of existence, I weave my thoughts and observations about all facets of life, offering a perspective that is uniquely my own.