America’s drinking water is currently under threat, with connections traced back to China, Russia, and Iran. The United States is confronting a significant challenge to its water infrastructure, as these nations are identified as the primary instigators.
Recent developments indicate a series of cyberattacks targeting water utilities across the nation, including incidents in Wichita, Kansas, as reported by CNBC on Wednesday. These attacks pose risks of infrastructure damage, disruption of water availability and flow, and potential contamination through alterations in chemical levels in public drinking water supplies.
Recent attacks have targeted water systems in Kansas, Texas, and Pennsylvania, underscoring a concerning trend. Foreign-affiliated cybercriminals have prioritized targeting critical national infrastructure. According to an EPA spokesperson, all drinking water and wastewater systems are vulnerable, irrespective of size or location—urban or rural.
Despite advancements in AI for cybersecurity, Ryan Witt, vice president of Proofpoint, notes that the primary methods of attack continue to exploit human weaknesses such as phishing, social engineering, and default passwords.
In response to these vulnerabilities, the Environmental Protection Agency (EPA) issued an enforcement alert, revealing that 70% of inspected water systems fail to fully comply with the Safe Drinking Water Act. The EPA highlighted critical cybersecurity gaps, including outdated default passwords and retained system access by former employees.
