On Monday, the U.S. Environmental Protection Agency (EPA) issued an enforcement regarding steps to protect drinking water systems against cyber threats.
According to inspections conducted by the EPA, over 70% of water systems in the U.S. are not compliant with the Safe Drinking Water Act. Inspections conducted since September 2023 revealed that critical cyber vulnerabilities are present within drinking water systems across the U.S. These cyber vulnerabilities have resulted from default passwords and authentication systems that can be easily accessed by threat actors. In order to secure these systems, the agency has suggested reducing the internet exposure of systems, changing default passwords, addressing vulnerabilities, and developing incident response and recovery plans. Additionally, conducting regular inspections will aid in mitigating potential at-risk areas. The U.S. has also taken preventative measures by publishing cybersecurity guidance and sanctioning state-sponsored threat actors believed to be responsible for cyber attacks on U.S. critical infrastructure sectors.
Read more: