Offgrid Preparation Protecting Our Water: Cybersecurity Threatens Water Safety
In This Article
Imagine turning on your faucet one morning and finding that, instead of water, you're met with dry silence. For many, this scenario seems far-fetched, yet it's becoming an increasingly possible reality. On March 18th, 2024, the U.S. Environmental Protection Agency (EPA), issued a dire warning to the Governors of every state. The message was foreboding: cyberattacks from foreign actors threatens the safety and stability of our nation's water infrastructure. Infact, these attacks are already happening now, risking the safety and well-being of millions. As we move into the future, protecting our water will be become vitally important.
Cyber threats against water and wastewater systems are escalating, driven by sophisticated actors seeking to exploit any vulnerability. Recent incidents have illuminated the nature of these threats, with actors affiliated with the Iranian Government's Islamic Revolutionary Guard Corps and the People's Republic of China's state-sponsored cyber group, Volt Typhoon, targeting U.S. critical infrastructure. These attacks have not been random but are carefully designed to disrupt essential services and extract political, economic, or strategic advantage.
One of the specific vulnerabilities the letter highlights is a specific type of controller, the Unitronics programmable logic controller (PLC), which was found to be vulnerable to exploitation in November of 2023. PLC's are used to monitor various stages of water and wastewater treatment, turn pumps on and off to fill tanks and reservoirs, and announce critical alarms to operations.Â
The vulnerability of water systems to cyberattacks is especially concerning due to their critical role in public health and safety. To make the situation more complicated, many water utilities are challenged by limited resources and technical capacity, making them attractive targets for cybercriminals. The EPA, alongside the Cybersecurity and Infrastructure Security Agency (CISA), has underscored the urgent need for improved cybersecurity practices within the municipal water sector.
Access to clean water is crucial for drinking, cooking, and hygiene, directly impacting our ability to maintain good health and prevent diseases. Waterborne pathogens can lead to severe illnesses and outbreaks, underscoring the need for protection measures against any form of contamination, including those arising from cyber-induced failures.
Water is a critical asset not just for individual survival but for the economic engine of communities and countries. Industries ranging from agriculture to manufacturing, energy production to pharmaceuticals, depend heavily on a reliable supply of clean water. A disruption in water services due to cyberattacks can have a cascading effect, halting production lines, affecting food supply, and incurring significant economic losses.
The Centers For Disease Control and Prevention (CDC), suggests several ways to prepare for potential disruptions in municipal water supply:
The security of our nation's water systems is not just a matter of smoothly running infrastructure, it affects public health, safety, and national security. As we navigate the complexities of the digital age, we must remain vigilant and proactive in protecting these essential resources from cyber threats. That being said, we must also ensure that we are prepared on an individual level to do without when our protective measures fail.
Subscribe to Recoil Offgrid's free newsletter for more content like this.
No Comments