US Issues Warning Against Cyberattacks on Water Systems

The United States Government has warned state Governors about foreign hackers attempting to disrupt water and sewage systems nationwide.

In an emergency letter by National Security Advisor Jake Sullivan and administrator of the Environmental Protection Agency, Michael Regan warned that “disruptive attacks are hitting water and sewage systems throughout the United States.” 

The letter alleged that Iranian and Chinese Hackers are responsible for carrying out these disruptive attacks. These attacks can disrupt the lifeline of clean drinking water and can impose significant costs on affected communities. Moreover, Regan and Sullivan mentioned a recent case in which hackers allegedly associated with Iran’s Revolutionary Guards were accused of disabling a controller at a water facility in Pennsylvania.

They also pointed toward a Chinese hacking gang called “Volt Typhoon.” They accused them of breaching the information technology systems of several critical infrastructure facilities, including drinking water systems, across the United States and its territories. However, the Chinese Embassy in Washington and Iran’s mission to the United Nations did not immediately respond to a request for comment. Moreover, both nations have openly denied involvement in any cyberattacks. 

The cybersecurity of these water and sewage plants has remained the top concern of cybersecurity personnel mainly because of the critical nature of the facilities that might impose significant risks to public health and safety. An incident that happened last year at a booster facility that regulates and tracks sewage water systems in Aliquippa, Pennsylvania, gained sudden attention because the controller that regulates water pressure was replaced with a message saying, “YOU ARE HACKED!” Upon receiving the message, authorities swiftly formed an investigative committee. Sources disclosed that the cyberattacks were carried out by a Chinese group known as Volt Typhoon. However, no damage was caused to the sewage system; an industry group known as the Water Information Sharing and Analysis Centre released a press release soon after the attack stating, “This is not going to be an isolated event.” 

The letter was written to all the state governors to urge them to ensure the security of their water systems through continuous assessments employing several cybersecurity practices. The letter also warned the governors to be ready for such potential cyber incidents in the future.

Leave a Reply