The U.S. Environmental Safety Company (EPA) mentioned it is forming a brand new “Water Sector Cybersecurity Process Pressure” to plot strategies to counter the threats confronted by the water sector within the nation.
“Along with contemplating the prevalent vulnerabilities of water techniques to cyberattacks and the challenges skilled by some techniques in adopting greatest practices, this Process Pressure in its deliberations would search to construct upon current collaborative merchandise,” the EPA mentioned.
In a letter despatched to all U.S. Governors, EPA Administrator Michael Regan and Nationwide Safety Advisor Jake Sullivan highlighted the necessity to safe water and wastewater techniques (WWS) from cyber assaults that would disrupt entry to scrub and protected ingesting water.
At the very least two risk actors have been linked to intrusions concentrating on the nation’s water techniques, together with these by an Iranian hacktivist group named Cyber Av3ngers in addition to the China-linked Volt Storm, which has focused communications, power, transportation, and water and wastewater techniques sectors within the U.S. and Guam for a minimum of 5 years.
“Ingesting water and wastewater techniques are a pretty goal for cyberattacks as a result of they’re a lifeline essential infrastructure sector however usually lack the assets and technical capability to undertake rigorous cybersecurity practices,” Regan and Sullivan mentioned.
The event coincides with the discharge of a brand new truth sheet from the U.S. Cybersecurity and Infrastructure Safety Company (CISA), urging essential infrastructure entities to defend in opposition to the “pressing threat posed by Volt Storm” by implementing safe by-design ideas, strong logging, safeguarding the availability chain, and growing consciousness of social engineering ways.
“Volt Storm have been pre-positioning themselves on U.S. essential infrastructure organizations’ networks to allow disruption or destruction of essential providers within the occasion of elevated geopolitical tensions and/or navy battle with america and its allies,” the company cautioned.
Cybersecurity agency SentinelOne, in a report printed final month, revealed how China has launched an offensive media technique to propagate “unsubstantiated” narratives round U.S. hacking operations for over two years.
“Repeating China’s allegations helps the [People’s Republic of China] form international public opinion of the U.S. China desires to see the world acknowledge the U.S. because the ’empire of hacking,'” Sentinel One’s China-focused guide Dakota Cary mentioned.
“The truth that China is lodging allegations of US espionage operations remains to be notable, offering perception into the connection between the US and China, even when China doesn’t help its claims.”
