US government boosts protection around water facilities following recent cyberattacks

Testing at water facilities to increase

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

US water facilities have become a favored target for state-sponsored groups to test their ability to infiltrate infrastructure and remain unseen.

Just this year alone, groups from China, Iran, and Russia have all been spotted lurking in OT infrastructure systems used to control water facilities, with some of them even managing to divert water and cause overflows.

As a result, the Environmental Protection Agency has decided to step up its testing on US drinking water to mitigate the effects of a potential successful attack on a water facility.

A silver lining?

Results from recent inspections of US water facilities have not been promising, with the EPA’s own testing revealing that 70% of water systems have failed to meet the cyber standards set out in the Safe Drinking Water Act (SDWA) since September 2023.

Hygiene is particularly important for water - both drinking and cyber - with the EPA finding frequent SDWA violations including simple cyber hygiene steps such as changing the default passwords provided onunprotected endpoints, which is exactly how a Russian state-sponsored group hacked into a water facilityearlier this year.

Chinese based groups have frequently exploited living-off-the-land techniques to remain undetected within US infrastructure, with the EPA stating in itsadvisorythat, “Foreign governments have disrupted some water systems with cyberattacks and may have embedded the capability to disable them in the future.”

The EPA further states that additional SDWA compliance will be enforced, and “where vulnerabilities are identified and may present an imminent and substantial endangerment to public health, enforcement actions may be appropriate under SDWA Section 1431 to mitigate those risks.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Verge.

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)