US alerts 50 governors to cyberattack threats on water systems

By Minkyung Shin, The Readable
Mar. 21, 2024 9:28PM GMT+9

On Tuesday, the United States government sent a warning letter to all 50 US governors, alerting them to the threat of hackers targeting US water systems and urging their cooperation to bolster cybersecurity. The letter stressed the critical need for a collaborative effort to enhance the protection of water infrastructure.

National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan, who co-authored the warning letter, identified two primary threats, emanating from Iran and China.

The letter accuses cyber attackers affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) of exploiting cybersecurity vulnerabilities to gain unauthorized access to US water systems. Furthermore, the letter references the cyber group Volt Typhoon, sponsored by The People’s Republic of China (PRC), which has been involved in disrupting the information technology systems of several critical infrastructures in the US, including those related to drinking water.

The letter emphasized, "The attacks pose a threat to the crucial service of delivering clean and safe drinking water and have the potential to inflict considerable expenses on the impacted communities.”

On November 25, 2023, the Municipal Water Authority of Aliquippa (MWAA) in Pennsylvania were targeted by cyber attackers linked to Iran. This incident prompted the release of a joint security advisory on December 1 of last year, specifically aimed at addressing the cyber threats facing US water systems.

In a news release, EPA Administrator Regan highlighted the critical importance of water systems, stating, “Drinking water and wastewater systems are a lifeline for communities, yet many of these systems have not implemented crucial cybersecurity measures to counter potential cyberattacks.”

The EPA and the National Security Council (NSC) have committed to ongoing collaboration with leaders across various organizations to tackle this issue, focusing on the identification and implementation of actions and strategies to mitigate such threats.

The cover image of this article was designed by Daeun Lee. This article was reviewed by Dain Oh and copyedited by Arthur Gregory Willers.

Minkyung Shin serves as a reporting intern for The Readable, where she has channeled her passion for cybersecurity news. Her journey began at Dankook University in Korea, where she pursued studies in Journalism and Software Convergence Contents. During her university studies, Shin led a team project that developed an Augmented Reality (AR) Face Tracking Service application and authored a paper titled ‘AR Face Tracking Based on Service Content’. In 2023, she expanded her experiences by interning at the Toronto-based non-profit organization, TCM, planning support programs for underprivileged children in the city. Through her diverse experiences, Shin has cultivated a broad perspective on cybersecurity. She is committed to delivering accurate and insightful cybersecurity news to readers worldwide.