Aging US water systems under attack by ransomware

Share post:

Recent cyberattacks on U.S. water systems, including an incident involving an Iran-linked hacker group targeting a water authority in western Pennsylvania, have heightened federal focus on the cybersecurity vulnerabilities of water utilities. These attacks, which also affected a North Texas water utility with ransomware, did not disrupt water supplies but underscored the urgent need for improved cyber defenses.

Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Tech, emphasized the importance of these events as a wake-up call for utilities to enhance their cyber hygiene. The U.S. water system consists of about 150,000 individual systems, most of which are small, municipality-run entities with limited resources for cybersecurity staff and training. Many of these systems rely on older infrastructure, complicating upgrades and cloud integration.

Prior to these attacks, the Biden administration faced challenges in regulating cybersecurity in the water sector. An attempt by the Environmental Protection Agency to integrate basic cyber questions into sanitation inspections was withdrawn due to legal challenges.

However, a recent report by Microsoft and the Cyberspace Solarium Commission 2.0 (CSC 2.0) suggests ways forward. It recommends that water sector operators conduct risk assessments, implement multifactor authentication, and utilize available state funds for cybersecurity improvements. Over the next year, initiatives by Microsoft, the Cyber Readiness Institute, and the Foundation for Defense of Democracies will focus on coaching small water utilities in cybersecurity and employee training.

Tom Fanning, Executive Chairman of Southern Company, highlighted the urgency of the situation, urging water utilities to proactively utilize available cyber resources without waiting for new regulations.

Source: Axios

Featured Tech Jobs


Related articles

Lawsuit requires Pegasus spyware to provide code used to spy on WhatsApp users

NSO Group, the developer behind the sophisticated Pegasus spyware, has been ordered by a US court to provide...

OpenAI claims New York Times manipulated ChatGPT “fabricate data”

OpenAI has challenged the New York Times' copyright lawsuit, asserting the newspaper manipulated ChatGPT to fabricate evidence. The...

Wendy’s leverages digital tech to test “surge pricing”

Wendy's is set to experiment with Uber-like surge pricing, a concept referred to as "dynamic pricing," starting in...

Meta is gathering data on Quest virtual reality users

Meta's latest policy update reveals plans to start collecting "anonymized" data from its Quest headset users, intensifying concerns...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways