The US Environmental Protection Agency on Friday announced new requirements for public water facilities to boost their cybersecurity while expressing concern that many facilities have failed to take basic steps to protect themselves from hackers.
The new EPA memo requires state governments to audit the cybersecurity practices of public water systems — and then use state regulatory authorities to force water systems to add security measures if existing ones are deemed insufficient.
“Cyberattacks that are targeting water systems pose a real and significant threat to our security,” EPA Assistant Administrator Radhika Fox told reporters Thursday.
It’s the latest move in a full-court press by the Biden administration to use its regulatory and policy powers to try to raise the cyber defenses of US critical infrastructure that is frequently targeted by cybercriminals and foreign government-backed hackers.
The EPA memo comes a day after the White House released a national cybersecurity strategy that calls for software makers to be held liable when their products leave gaping holes for hackers to exploit.
A wakeup call for cybersecurity in the water sector came mere weeks into the Biden administration, in February 2021, when a hacker infiltrated a Florida water treatment facility and tried to increase the amount of sodium hydroxide to a potentially dangerous level, according to local authorities.
The facility stopped the attack before harm could be done, but the episode alarmed officials in Washington and led to greater federal scrutiny of the water sector’s security practices.
The FBI and US Cybersecurity and Infrastructure Security Agency have warned about multiple ransomware attacks on the computer networks of water and wastewater facilities from California to Maine.
That greater public attention on the issue has…