Priya PatelTLDR:
- FBI Director Christopher Wray testified before the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, warning that Chinese hackers are preparing to target critical U.S. infrastructure.
- In his testimony, Wray specifically mentioned the water treatment plants as potential targets for cyber attacks.
- This warning comes shortly after the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and U.S. Environmental Protection Agency (EPA) published guidance to help water and wastewater owners and operators in cyber incident response.
- The FBI and U.S. Justice Department had previously taken steps to shut down a Chinese government-backed cyber operation called “Volt Typhoon,” but the threat of hackers remains.
- The water sector, along with other critical infrastructure, is vulnerable to cyber attacks due to the evolving capabilities of hackers.
FBI Director Christopher Wray has issued a warning that Chinese hackers are targeting critical U.S. infrastructure, including water treatment plants. Speaking before the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, Wray emphasized the need for increased public awareness about the cyber threat posed by China. He stated, “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities.” Wray’s warning comes as the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and U.S. Environmental Protection Agency (EPA) published a guide to assist water and wastewater owners and operators in cyber incident response.
The guidance, developed in collaboration with industry partners, provides information on federal roles, resources, and responsibilities at each stage of the response lifecycle. The water sector is considered a high-risk target for cyber attacks due to the critical nature of water and wastewater services. The guide encourages utilities to review and implement recommended actions to mitigate cyber threats, such as multi-factor authentication, anti-virus programs, spam filtering, and network traffic monitoring. The FBI and U.S. Justice Department recently took steps to shut down a Chinese government-backed cyber operation called “Volt Typhoon,” but the threat of hackers remains.
The water sector, along with other critical infrastructure, is vulnerable to cyber attacks due to the evolving capabilities of hackers. John Sullivan, chief engineer at Boston Water and Sewer Commission and chairman of WaterISAC, an organization that manages and shares threat information for the water sector, has previously stated that “all critical infrastructure is vulnerable, even the most well financed and technically sophisticated.” As a result, WaterISAC advises utilities to have cybersecurity incident response plans and provides recommendations for protecting against cyberattacks, including constant employee awareness training, multi-factor authentication, and implementing incident response plans. However, in October 2023, the EPA withdrew plans to require water systems to incorporate cybersecurity audits as part of utility sanitary surveys, following industry pushback.
