EPA Urges U.S. Municipalities to Strengthen Cybersecurity Measures After Recent Attacks

The Environmental Protection Agency (EPA) is advising municipalities throughout the United States to enhance their cybersecurity measures following recent attacks by hackers, believed to be from foreign nations, on small communities in Texas and Pennsylvania. These incidents, along with an EPA review of the nation’s drinking water systems, uncovered cybersecurity vulnerabilities, leading to a warning for utilities, including those in Mid-Michigan.
Lansing Board of Water and Light (BWL), which experienced a cyber-attack in 2016, is taking the EPA’s advice seriously. Vernon Myers, BWL’s Chief Information Officer, emphasized the importance of learning from past incidents to avoid repeating the same mistakes. The EPA has recommended several steps for drinking water systems to bolster their security, such as reducing public internet exposure, conducting regular cybersecurity assessments, changing default passwords, inventorying OT/IT assets, developing incident response plans, backing up systems, reducing vulnerabilities, and conducting cybersecurity awareness training.
Michigan State University’s cyber security expert, Tom Holt, highlighted the inevitability of cyber-attacks and stressed the importance of preparedness, including addressing how devices are accessed and safeguarding against phishing attacks. The EPA’s inspections have also revealed failures in security systems, including outdated default passwords and vulnerable single login systems. Despite quick resolutions to past attacks, there remains a significant threat of severe contamination to water systems from future cyber-attacks.
The EPA is offering technical assistance, training, and resources to communities needing help with security system updates. Furthermore, EPA inspections revealed that over 70% of water systems inspected fail to meet the Safe Drinking Water Act’s clean water standards, prompting an increase in planned inspections.