EPA Announces Increase in Cyber Enforcement, Top Defensive Tips

Water and wastewater systems throughout the U. S. are facing a growing number of cyberattacks. In January 2024, a cyberattack on a rural Texas town's water system was carried out by hackers linked to Russia, while a group associated with Iran breached several U.S. water systems in late 2023. In response to these attacks, the U.S. Environmental Protection Agency (EPA) announced that it would increase inspections and enforcement actions to safeguard the country's drinking water this past May.

According to the EPA, recent inspections show that more than 70% of water and wastewater systems do not fully comply with the Safe Drinking Water Act. Many of these systems have significant vulnerabilities, such as default passwords on OT devices and shared credentials for all employees. 

The EPA, along with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, have released a collaborative document outlining strategies for water system operators to enhance their defenses against the growing number of cyberattacks directed at them. Some recommendations include conducting regular assessments, providing cybersecurity awareness training, and practicing incident response and recovery plans.

To learn more about how water system operators can shore up their defenses today, click here.