Cyberattacks against water utilities across the country are becoming more frequent and more severe, the Environmental Protection Agency warned Monday as it issued an enforcement alert urging water systems to take immediate actions to protect the nation’s drinking water.

About 70% of utilities inspected by federal officials over the last year violated standards meant to prevent breaches or other intrusions, the agency said. Officials urged even small water systems to improve protections against hacks. Recent cyberattacks by groups affiliated with Russia and Iran have targeted smaller communities.

Some water systems are falling short in basic ways, the alert said, including failure to change default passwords or cut off system access to former employees. Because water utilities often rely on computer software to operate treatment plants and distribution systems, protecting information technology and process controls is crucial, the EPA said. Possible impacts of cyberattacks include interruptions to water treatment and storage; damage to pumps and valves; and alteration of chemical levels to hazardous amounts, the agency said.

McCabe named China, Russia and Iran as the countries that are “actively seeking the capability to disable U.S. critical infrastructure, including water and wastewater.”

  • Jo Miran
    link
    fedilink
    arrow-up
    4
    ·
    6 months ago

    Pay your legitimate bills without complaint is the best advice here. Contest if they actually are wrong, this can happen, but it isn’t common.

    And here lies the problem. It is actually very common. I know of one major utility company that has been “estimating” 70%+ of their residential bills for years. They cannot get a handle on it and they haven’t had full, clean data for years…so how are they estimating? They aren’t. They are guesstimates. That’s why they hired us.

    That’s the most extreme case due to the sheer number of households, but most do it. We only have one customer that has hired us to help them achieve their goal of zero estimates. One. Most just want to reach “good enough for minimum regulatory compliance”.