Protecting Our Water: Cybersecurity Threatens Water Safety

Cyberattacks on U.S. water systems pose a dire threat to public safety. Discover the nature of these threats and how to secure safe water.

Written by on

Imagine turning on your faucet one morning and finding that, instead of water, you're met with dry silence. For many, this scenario seems far-fetched, yet it's becoming an increasingly possible reality. On March 18th, 2024, the U.S. Environmental Protection Agency (EPA), issued a dire warning to the Governors of every state. The message was foreboding: cyberattacks from foreign actors threatens the safety and stability of our nation's water infrastructure. Infact, these attacks are already happening now, risking the safety and well-being of millions. As we move into the future, protecting our water will be become vitally important.

Understanding the Risk

Cyber threats against water and wastewater systems are escalating, driven by sophisticated actors seeking to exploit any vulnerability. Recent incidents have illuminated the nature of these threats, with actors affiliated with the Iranian Government's Islamic Revolutionary Guard Corps and the People's Republic of China's state-sponsored cyber group, Volt Typhoon, targeting U.S. critical infrastructure. These attacks have not been random but are carefully designed to disrupt essential services and extract political, economic, or strategic advantage.

One of the specific vulnerabilities the letter highlights is a specific type of controller, the Unitronics programmable logic controller (PLC), which was found to be vulnerable to exploitation in November of 2023. PLC's are used to monitor various stages of water and wastewater treatment, turn pumps on and off to fill tanks and reservoirs, and announce critical alarms to operations. 

The vulnerability of water systems to cyberattacks is especially concerning due to their critical role in public health and safety. To make the situation more complicated, many water utilities are challenged by limited resources and technical capacity, making them attractive targets for cybercriminals. The EPA, alongside the Cybersecurity and Infrastructure Security Agency (CISA), has underscored the urgent need for improved cybersecurity practices within the municipal water sector.

Photo of water pouring over an adult human hand.

Securing Safe Water

Access to clean water is crucial for drinking, cooking, and hygiene, directly impacting our ability to maintain good health and prevent diseases. Waterborne pathogens can lead to severe illnesses and outbreaks, underscoring the need for protection measures against any form of contamination, including those arising from cyber-induced failures.

Water is a critical asset not just for individual survival but for the economic engine of communities and countries. Industries ranging from agriculture to manufacturing, energy production to pharmaceuticals, depend heavily on a reliable supply of clean water. A disruption in water services due to cyberattacks can have a cascading effect, halting production lines, affecting food supply, and incurring significant economic losses.

The Centers For Disease Control and Prevention (CDC), suggests several ways to prepare for potential disruptions in municipal water supply:

  1. Make water safe. Even if a water from a municipal source becomes contaminated, there are ways an the individual citizen can take steps to ensure it is safe to consume or use. This includes, boiling, disinfecting, and filtering. The CDC also provides a few handy reference sheets, Make Water Safe During an Emergency and Use Safe Water During an Emergency, to print out and keep incase internet access is unavailable. They are Make Water Safe During an Emergency
  2. Create and store an emergency water supply. The CDC suggests that keeping an ample supply of commercially produced bottled water is the safest way to make sure your water is uncontaminated. When it comes to quantity, the recommended amount is one gallon, per person, per day, for a minimum of three days. More water is needed if a member of the household is pregnant, sick, or if you are residing in a hot climate. It is also recommended to try storing as much as two weeks worth, eleven days beyond the minimum.
  3. Find other sources of water. If you're caught unprepared, there are other ways obtaining water. Some of these sources include:
    • The reservoir in a home water heating tank.
    • Melted ice cubes.
    • A toilet tank (not the bowl).
    • Liquid from canned fruits and vegetables.
    • Pools and spas (for hygiene, not consumption).
    • Decontaminated natural sources (rainwater, streams, lakes, ponds, etc.).

Conclusion

The security of our nation's water systems is not just a matter of smoothly running infrastructure, it affects public health, safety, and national security. As we navigate the complexities of the digital age, we must remain vigilant and proactive in protecting these essential resources from cyber threats. That being said, we must also ensure that we are prepared on an individual level to do without when our protective measures fail.

Read More

Subscribe to Recoil Offgrid's free newsletter for more content like this.

STAY SAFE: Download a Free copy of the OFFGRID Outbreak Issue

In issue 12, Offgrid Magazine took a hard look at what you should be aware of in the event of a viral outbreak. We're now offering a free digital copy of the OffGrid Outbreak issue when you subscribe to the OffGrid email newsletter. Sign up and get your free digital copy
RECOIL OFFGRID thumbnail Written by Patrick Diedrich
Related Tags:

No Comments