In a letter addressed to governors, the Biden administration has raised concerns about ongoing cyberattack threats against water systems, cautioning states to remain vigilant. The Environmental Protection Agency Administrator, Michael Regan, and National Security Advisor, Jake Sullivan, emphasized the potential disruption to clean and safe drinking water, as well as the significant costs that affected communities could incur.

The letter specifically mentioned the involvement of hackers linked to the governments of Iran and China. It highlighted how hackers affiliated with the Iranian Government Islamic Revolutionary Guard Corps have targeted drinking water systems, while a group known as Volt Typhoon, allegedly backed by the People's Republic of China, has compromised information technology connected to water infrastructure and other critical systems.

Officials assert that Volt Typhoon actors are pre-positioning themselves to disrupt critical infrastructure operations in the event of geopolitical tensions or military conflicts. The Biden administration emphasized that these cyberattacks could have severe consequences, particularly due to the vulnerabilities inherent in the US water system. Insufficient funding, weak controls, and staffing shortages make the water sector an attractive target for such attacks.

The Environmental Protection Agency (EPA), the lead federal agency responsible for ensuring the resilience of the nation's water sector, is taking the threat seriously. They have invited state officials to attend a meeting on Thursday to discuss the looming cybersecurity risks. The letter emphasized that many drinking water and wastewater systems lack the necessary resources and technical capacity to adopt rigorous cybersecurity practices, making them more susceptible to potential disruptions.

The concern regarding cyberattacks on water systems was further highlighted by a recent incident in late November. An Iranian-backed hacking group targeted Israeli-made digital controls commonly used in the US water and wastewater industries, affecting multiple organizations across various states. Although the incidents did not impact water quality or supplies, they underscored the urgent need for improved protection of the nation's water supply.

The Biden administration stressed the importance of implementing basic cybersecurity precautions, such as resetting default passwords and updating software to address known vulnerabilities. These measures, often overlooked due to resource constraints, are crucial in fortifying the water sector against disruptive cyberattacks.

As the threat level escalates, the Biden administration is actively engaging with state officials to mitigate risks and safeguard critical infrastructure. By raising awareness and encouraging collective action, they aim to strengthen the resilience of the water sector and ensure the uninterrupted provision of clean and safe drinking water to communities across the United States.