Why Biden Was Proved Right on Push to Secure Water Utilities
In what will come as an unpleasant ‘I told you so’ moment for outgoing President, Joe Biden's emphasis on cyber resilience for water systems has rung true after the US largest publicly regulated water and wastewater fell victim to a cyber-attack.
This incident that hit American Water, although did not impact the operation of its water and wastewater facilities, was reported to the SEC after the company discovered unauthorised activity within its networks on October 3. A number of specific systems have been shut down and suspension placed on customer billing as a precaution.
Still the incident has sent shockwaves through the utility sector and vindicated the Biden administration's persistent warnings about the vulnerability of essential services to digital threats.
A growing threat to critical infrastructure
This incident is not isolated but part of a worrying trend of cyber-attacks targeting critical infrastructure in the US.
Earlier this year, US intelligence agencies, including the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), warned that state-sponsored hackers had successfully breached several critical infrastructure sectors, including water systems.
In light of these escalating threats, the White House has made upping the country's cybersecurity one of its core drives. This saw them send a stark warning to US governors specifically highlighting that "disabling" cyberattacks targeting water systems are occurring throughout the country.
"These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities," National Security Advisor Jake Sullivan and EPA Administrator Michael Regan said at the time.
Biden's push for cyber resilience
President Biden's administration therefore has been pushing for increased cyber resilience in critical infrastructure since taking office. The administration's efforts include:
- 1. Inviting state officials to a meeting to discuss improving digital defences for over 150,000 utilities in the US
- 2. Setting up a water sector cybersecurity task force through the EPA to outline challenges and develop defence strategies
- 3. Attempting to impose more stringent cybersecurity rules for water utilities, although this effort faced legal challenges
The cyber challenges ahead
Despite these efforts, the water sector continues to lack binding cybersecurity rules. The EPA's attempt to use its sanitation authorities to impose cybersecurity mandates was part of a larger effort to add more stringent regulations to critical infrastructure sectors, many of which are currently unregulated in terms of cybersecurity.
Yet, the breach of American Water, a company that provides essential water and wastewater services to over 14 million people across 14 states, serves as a wake-up call for the entire utility sector and serves as fuel for further regulation.
Although the incumbent is due to leave office, the American Water incident should highlight that the administration recognised is real, and so such a push could continue past his tenure.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
- Sustainability Secured: SolarEdge Devices Cyber CertifiedCyber Security
- ISC2: How AI is Reshaping the Cyber Workforce ChallengesTechnology & AI
- Customer Confidence: Hiscox Reveals Growing Cost of AttacksCyber Security
- Supply Chain Security: Why Is It Key for the Energy Sector?Cyber Security