On Tuesday, the United States government sent a warning letter to all 50 US governors, alerting them to the threat of hackers targeting US water systems and urging their cooperation to bolster cybersecurity. The letter stressed the critical need for a collaborative effort to enhance the protection of water infrastructure.
National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan, who co-authored the warning letter, identified two primary threats, emanating from Iran and China.
The letter accuses cyber attackers affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) of exploiting cybersecurity vulnerabilities to gain unauthorized access to US water systems. Furthermore, the letter references the cyber group Volt Typhoon, sponsored by The People’s Republic of China (PRC), which has been involved in disrupting the information technology systems of several critical infrastructures in the US, including those related to drinking water.
The letter emphasized, “The attacks pose a threat to the crucial service of delivering clean and safe drinking water and have the potential to inflict considerable expenses on the impacted communities.”
On November 25, 2023, the Municipal Water Authority of Aliquippa (MWAA) in Pennsylvania were targeted by cyber attackers linked to Iran. This incident prompted the release of a joint security advisory on December 1 of last year, specifically aimed at addressing the cyber threats facing US water systems.
In a news release, EPA Administrator Regan highlighted the critical importance of water systems, stating, “Drinking water and wastewater systems are a lifeline for communities, yet many of these systems have not implemented crucial cybersecurity measures to counter potential cyberattacks.”
The EPA and the National Security Council (NSC) have committed to ongoing collaboration with leaders across various organizations to tackle this issue, focusing on the identification and implementation of actions and strategies to mitigate such threats.
