Monday, December 23, 2024

HomeCyberSecurityWater woes: A federal push for cyber mitigation is highlighting the sector’s...

Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines

An urgent virtual meeting between White House, Environmental Protection Agency and state homeland security and health officials last week emerged against a backdrop of increasing tensions over how to best approach the threat of malicious cyberattacks against the public water industry.

The Biden administration in October 2023 withdrew plans to include cybersecurity as part of periodic audits of public water systems after a successful legal challenge by several states and industry groups before the U.S. Court of Appeals. 

The court challenge was led by attorney’s general from Missouri, Iowa and Arkansas and supported by the American Water Works Association and the National Rural Water Association. 

However, the threat landscape quickly escalated late last year when threat groups linked to Iran’s Islamic Revolutionary Guard Corps. began targeting the U.S. with attacks against water utilities and other organizations by exploiting vulnerable Unitronics programmable logic controllers

“The nation’s water systems face cyber threats from criminals and countries alike,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, according to a readout provided by EPA. “We must lock our digital doors to meet the threat.”

Neuberger spoke along with EPA Deputy Administrator Janet McCabe to state and local officials from across the country regarding the growing threats to water systems.

The discussion included efforts being made by several states to address the threat to water systems and challenges to access technical expertise and other resources local water systems need. 

Neuberger asked each state to share a plan by May 20 for addressing how they are addressing potential cyber vulnerabilities for drinking and wastewater systems and what efforts exist to put protections in place. 

EPA officials also outlined additional efforts to create a Water Sector Cybersecurity Task Force. 

A spark of tension

The tension between federal agencies and local industry officials is not a surprising or unexpected development, however many of these community water systems lack the funding or expertise to prioritize a full-time cybersecurity expert.

There is also a lack of trust in top down mandates coming from Washington. 

“We know that utilities of all sizes today are on the front lines defending themselves against cyberattacks from highly motivated adversaries with financial and political agendas,” Katherine Ledesma, head of public policy and government affairs at Dragos, said via email. 

And especially when we look at the water sector, they face unique challenges in accessing the resources, tools and expertise they need,” Ledesma said. “Small public water systems represent more than 90% of the nation’s community water systems and they simply don’t have the same resources as larger organizations.”

In January testimony before the House Subcommittee on Environment, Manufacturing and Critical Materials, Cathy Tucker-Vogel, public water supply section chief for the Kansas Department of Health and Environment and past president of the Association of State Drinking Water Administrators, raised multiple concerns about the EPA’s push last year for water utilities to conduct mandatory audits, also called sanitary surveys.

“EPA’s recently withdrawn memorandum exceeded the water sector’s capacity and raised significant implementation concerns,” Tucker-Vogel told the House subcommittee in January,  according to testimony submitted to the committee, which included multiple letters sent to EPA officials about those concerns. 

Among the major concerns raised by state and local officials include the limited amount of funding available for cybersecurity, the limited amount of subject matter expertise and the need for continuous training. 


Source link

Bookmark (0)
Please login to bookmark Close
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Sponsored Business

- Advertisment -spot_img