The Register: America’s drinking water systems have a hard-to-swallow cybersecurity problem

Source URL: https://www.theregister.com/2024/11/19/us_drinking_water_systems_cybersecurity/
Source: The Register

Feedly Summary: More than 100 million rely on systems rife with vulnerabilities, says EPA OIG
Nearly a third of US residents are served by drinking water systems with cybersecurity shortcomings, the Environmental Protection Agency’s Office of Inspector General found in a recent study – and the agency lacks its own system to track potential attacks. …

Summary: The text highlights significant cybersecurity vulnerabilities in US drinking water systems, with findings from the EPA’s Office of Inspector General underlining that almost a third of tested systems lack adequate computer security. This report emphasizes the critical need for improved cybersecurity measures in the water sector, particularly due to the integration of legacy infrastructure with modern IT systems, making them more susceptible to cyber threats.

Detailed Description: The report released by the Environmental Protection Agency (EPA) raises serious concerns about the cybersecurity preparedness of drinking water systems in the United States:

- **Key Findings**:
  - **Cybersecurity Shortcomings**: Out of 1,062 drinking water systems tested, 308 were found to have cybersecurity vulnerabilities.
  - **Vulnerability Levels**: Of these, 211 had medium or low-risk vulnerabilities, and 97 had critical or high-risk issues, threatening the security of approximately 82.7 million people.
  - **Impact on Physical Infrastructure**: The vulnerabilities could potentially impact the physical infrastructure and operating systems of water systems, emphasizing the need for immediate attention.

- **Lack of Incident Reporting**: The EPA lacks its own cybersecurity incident reporting system and instead depends on the Department of Homeland Security for notifications of incidents affecting these systems.

- **Absence of Policies**: The report criticized the EPA for not having documented policies and procedures related to coordinating emergency responses with the Cybersecurity and Infrastructure Security Agency (CISA).

- **Political Challenges**: The EPA rescinded cybersecurity evaluation rules following a lawsuit, reflecting the ongoing tension between state sovereignty and national security concerns.

- **Growing Cyber Threats**: Experts highlight that the convergence of outdated legacy systems with modern IT increases vulnerability to cyberattacks. These systems serve as attractive potential targets for adversaries, including nation-state actors.

- **International Context**: The challenges faced by the US are mirrored in the UK, where companies like Thames Water face vulnerabilities due to aging systems and outdated technology.

- **Future Plans**: The EPA acknowledges the need for a robust cybersecurity program in the water sector, aiming to prevent and recover from cyber incidents through technical assistance and funding.

The report serves as a crucial reminder of the urgent need for enhanced cybersecurity practices in critical infrastructure sectors like drinking water systems to ensure public safety and security.