US government boosts protection around water facilities following recent cyberattacks

Water treatment
(Image credit: Shutterstock)

US water facilities have become a favored target for state-sponsored groups to test their ability to infiltrate infrastructure and remain unseen.

Just this year alone, groups from China, Iran, and Russia have all been spotted lurking in OT infrastructure systems used to control water facilities, with some of them even managing to divert water and cause overflows.

As a result, the Environmental Protection Agency has decided to step up its testing on US drinking water to mitigate the effects of a potential successful attack on a water facility.

A silver lining?

Results from recent inspections of US water facilities have not been promising, with the EPA’s own testing revealing that 70% of water systems have failed to meet the cyber standards set out in the Safe Drinking Water Act (SDWA) since September 2023.

Hygiene is particularly important for water - both drinking and cyber - with the EPA finding frequent SDWA violations including simple cyber hygiene steps such as changing the default passwords provided on unprotected endpoints, which is exactly how a Russian state-sponsored group hacked into a water facility earlier this year.

Chinese based groups have frequently exploited living-off-the-land techniques to remain undetected within US infrastructure, with the EPA stating in its advisory that, “Foreign governments have disrupted some water systems with cyberattacks and may have embedded the capability to disable them in the future.”

The EPA further states that additional SDWA compliance will be enforced, and “where vulnerabilities are identified and may present an imminent and substantial endangerment to public health, enforcement actions may be appropriate under SDWA Section 1431 to mitigate those risks.”

Via The Verge.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Russia
Major Russian hacking group shifts focus to US and UK targets
China US flags cropped
Guam's critical infrastructure is under attack - and Volt Typhoon is the top suspect
An American flag flying outside the US Capitol building against a blue sky
US military and defense contractors hit with Infostealer malware
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Avast cybersecurity
Hackers are hijacking government software to access sensitive servers
Latest in Pro
Representational image of a shrouded hacker.
Adapting the UK’s cyber ecosystem
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
Context Windows
Why are AI context windows important?
BERT
What is BERT, and why should we care?
A person holding out their hand with a digital AI symbol.
AI is booming — but are businesses seeing real impact?
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Close up of Leica M11-P viewfinder
I wince at the prospect of the rumored Leica M11-V – here's why