CRITICAL INFRASTRUCTUREChinese, Iranian Cyberattacks Target U.S. Water Systems
Nation-states are increasingly targeting the U.S. water systems with cyberattacks, according to the Environmental Protection Agency (EPA) and National Security Council (NSC). The EPA and the NSC are urging states to significantly bolster their IT security measures to guard against attacks on critical infrastructure.
Nation-states are increasingly targeting the U.S. water systems with cyberattacks, according to the Environmental Protection Agency (EPA) and National Security Council (NSC). The EPA and the NSC are urging states to significantly bolster their IT security measures to guard against attacks on critical infrastructure.
EPA administrator Michael Regan and Jake Sullivan, assistant to the president for national security affairs, wrote a letter last week to the governors of all fifty states, detailing China- and Iran-backed cyberattacks against U.S. water systems:
Dear Governor:
Disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities. We are writing to describe the nature of these threats and request your partnership on important actions to secure water systems against the increasing risks from and consequences of these attacks.
Two recent and ongoing threats illustrate the risk that cyberattacks pose to the nation’s water systems:
• Threat actors affiliated with the Iranian Government Islamic Revolutionary Guard Corps (IRGC) have carried out malicious cyberattacks against United States critical infrastructure entities, including drinking water systems. In these attacks, IRGC-affiliated cyber actors targeted and disabled a common type of operational technology used at water facilities where the facility had neglected to change a default manufacturer password. See Exploitation of Unitronics PLCs used in Water and Wastewater Systems | CISA for further information on these attacks.
• The People’s Republic of China (PRC) state-sponsored cyber group known as Volt Typhoon has compromised information technology of multiple critical infrastructure systems, including drinking water, in the United States and its territories. Volt Typhoon’s choice of targets and pattern of behavior are not consistent with traditional cyber espionage. Federal departments and agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions and/or military conflicts. See PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure for further information.
Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices.