US Unveils Plan to Improve Cyber Defenses For Water Utilities

WASHINGTON–The White House on Thursday unveiled a plan to beef up cybersecurity in the nation’s water sector, an extension of its efforts to thwart attacks against critical infrastructure including electricity and natural gas pipeline operators.

Senior administration officials said water facilities use automation and electronic networks that are vulnerable to cyber attacks, which could include producing unsafe water, stopping water flow to consumers, and damaging infrastructure.

The administration’s plan will push for the adoption of new technologies that offer early detection of cyber threats, improve response to such incidents, and provide the sharing of such data with the U.S. government.

Cybersecurity has been a major focus for the Biden administration following a spate of high-profile cyber breaches that crippled American companies and government agencies, including a ransomware incident which disrupted gasoline supplies.

Last year, hackers broke into the computer system of a facility that treats water for about 15,000 people near Tampa, Florida, and sought to add a dangerous level of additive to the water supply.

In July, President Joe Biden signed a national security memorandum to create “performance controls” for cybersecurity in the country’s most critical companies. He warned that if the U.S. ended up in a “real shooting war” with a “major power” it could be the result of a significant cyber attack on the United States, highlighting what Washington sees as a growing threat posed by hackers from Russia, China, Iran and North Korea.

The latest water sector initiative will be carried out in coordination with the U.S. Environmental Protection Agency (EPA) and the Water Sector Coordinating Council. The EPA will invite water utilities to a pilot program, but participation will be voluntary, the officials said.