Priya PatelTLDR:
- Cybersecurity chief Anne Neuberger highlighted cyberattacks on US water systems by China, Russia, and Iran, emphasizing the vulnerability of water infrastructure.
- Older OT systems in water facilities pose a significant cybersecurity risk due to lack of updates and vulnerabilities.
In the midst of increasing cyberattacks on US water systems, the White House is still struggling to establish minimum cybersecurity standards to protect critical infrastructure. Anne Neuberger, the White House cybersecurity chief, revealed the concerning trend of attacks from China, Russia, and Iran on the US water facilities during the Billington Cybersecurity Summit. These attacks, which have been attributed both to state-sponsored actors and hacktivists, underscore the urgent need for enhanced security measures in the water sector. These attacks on water infrastructure highlight the reliance on legacy operational technology (OT) systems, which are not regularly updated and are often connected to the Internet, making them susceptible to remote hacking.
Randy Watkins, chief technology officer at Critical Start, emphasized the vulnerability of these older systems, noting that they were not designed with cybersecurity in mind. The use of default passwords for internet-accessible programmable logic controllers (PLCs) has facilitated easy access for threat actors, potentially leading to physical harm or contamination of water supplies. Despite attempts to address these security gaps, including the proposed cybersecurity standards by the Environmental Protection Agency, the implementation of such measures has faced challenges and pushback from states.
Experts in the field have suggested technical solutions to bolster security, such as changing default passwords and securing remote access via VPNs. The lack of a unified national water supply and infrastructure further compounds the cybersecurity challenges faced by smaller utilities, as seen in incidents like the tank overflow in Muleshoe, Texas. Ultimately, the vulnerability of water infrastructure remains a critical issue, with significant implications for public health and environmental safety.
