
Drinking water warning issued by EPA to millions of customers

The Environmental Protection Agency has issued a critical warning about widespread cybersecurity vulnerabilities in the nation’s drinking water systems that could affect millions of Americans.

On Nov. 13, the EPA’s Office of Inspector General released a report that evaluated 1,062 public drinking water systems that serve about 193 million people.

The report identified 97 systems that supply water to 26.6 million customers with critical or high-risk cybersecurity vulnerabilities. Another 211 systems serving 82.7 million people were found to have moderate and low-risk vulnerabilities.

The EPA said it regularly receives information about cyber incidents in the water sector from the Cybersecurity and Infrastructure Security Agency and the FBI.

The spokesman added, “Overall, the agency agrees with the OIG that a robust cybersecurity program that helps the water sector prevent, detect, respond to, and recover from cyber incidents is critical to protecting public health.”


The assessment analyzed more than 75,000 IP addresses and 14,400 web domains, focusing on systems serving 50,000 or more residents.

The vulnerabilities stemmed from inadequate risk assessment and poor security practices, the report said. Issues include failing to change default passwords, using single sign-on for all employees, and not removing access from former employees.

The report highlighted the potential economic impact of cyber disruptions to water services. A one-day nationwide disruption could threaten $43.5 billion in economic activity, the report said.

For example, the report added that a one-day outage to California’s State Water Project could result in $61 billion in lost revenue, while an outage to North Carolina’s Charlotte Water could amount to $132 million in losses per day.

“If malicious actors exploited the cybersecurity vulnerabilities we identified in our passive assessment, they could disrupt service or cause irreparable physical damage to drinking water infrastructure,” Nicolas Evans, the OIG’s acting inspector general for investigations, wrote in the report.

Despite these risks, “EPA does not have its own cybersecurity incident reporting system that water and wastewater systems can use to notify EPA of cybersecurity incidents,” Evans said. Instead, it relies on the Cybersecurity and Infrastructure Security Agency for such information.

The warning follows a similar one issued by the EPA in May that highlighted “alarming cyber security vulnerabilities” at water utilities.

One expert cited a lack of resources and expertise as key challenges for water utilities. Tyler Moore, a professor of cybersecurity at the University of Tulsa, told StateScoop that the findings are “not surprising” because many utilities don’t have the funding or expertise to bring their systems up to required federal cybersecurity standards.

The report’s findings underscore the urgent need for federal investment and support to strengthen the cybersecurity of critical water infrastructure.

EPA Administrator Michael S. Regan and National Security Adviser Jake Sullivan wrote in a March 18 letter to governors: “Drinking water and wastewater systems are an attractive target for cyberattacks because they are a vital sector of infrastructure, but often lack resources and technical means . the ability to adopt rigorous cyber security practices.”
