The Environmental Protection Agency (EPA) issued an enforcement alert Monday urging water utility systems to take immediate action to protect the nation’s drinking water from cyberattacks.
According to the EPA, recent federal inspections revealed that 70 percent of U.S. water systems inspected do not fully comply with requirements in the Safe Drinking Water Act.
The agency added that some systems have “critical cybersecurity vulnerabilities, such as default passwords that have not been updated and single logins that can easily be compromised.”
Possible impacts of cyberattacks include interruptions to water treatment and storage and damage to pumps and valves, along with alteration of chemical levels to hazardous amounts, the EPA said.
“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” EPA Deputy Administrator Janet McCabe said in a press release.
When reached by Newsweek via email Monday afternoon, the EPA pointed to additional information in today’s press release and enforcement alert.
The warning said China, Russia and Iran have “disrupted some water systems with cyberattacks and may have embedded the capability to disable them in the future.” Late last year, an Iranian-linked group, “Cyber Av3ngers,” targeted multiple organizations, including a small Pennsylvania town’s water provider.
Earlier this year, a Russian-linked “hactivist” group attempted to disrupt operations at several Texas utilities. In addition, a cyber group linked to China, “Volt Typhoon,” has compromised information technology of multiple infrastructure systems, including drinking water, in the U.S. and its territories, the alert stated.