Biden Administration Aims to Boost Cyber Defenses in Water Sector
U.S. Aims to Reduce Cybersecurity Vulnerability in Water Sector
(Bloomberg) -- The White House is embarking on an initiative to increase cybersecurity in the water sector, part of a broader effort to shore up defenses of the nation’s critical infrastructure.
After initially focusing on electricity and natural gas pipelines, the Biden administration is now hoping to convince the overseers of more than 150,000 public water systems to improve cyber defenses, two administration officials told reporters on a conference call Wednesday night. The initiative is part of the Industrial Control Systems Cybersecurity Initiative, a partnership between the federal government and private sector companies established last year.
As part of the effort, federal agencies will promote technologies that can provide early detection of cyber threats to industrial controls for water supplies, one of the officials said. The administration also will encourage companies to more readily share threat information about potential vulnerabilities and remediation, a longstanding challenge. Participation in the program will be voluntary, and it isn’t yet clear who will pay for the additional technology.
The latest initiative comes after stark warnings before Congress and from cybersecurity experts about how vulnerable America’s water supply is to cyberattacks, a point reiterated by one of the officials, who said there was “inadequate cyber resilience” in the water sector.
Early last year, a hacker remotely accessed the water system for Oldsmar, Florida, a city of roughly 15,000 people, and briefly increased a treatment chemical to a potentially unsafe level. A facility operator observed the hacker on their screen, watching as the digital intruder moved the mouse “to open various functions that control the water being treated in the system,” Pinellas County Sheriff Bob Gualtieri said at the time.
The operator lowered the level of the chemical, preventing any harm to the public and the drinking water. No one has been arrested in connection with that incident. Asked the lessons learned from the Oldsmar attack, the official told reporters the public often presumes hacks are sophisticated, but readily available commercial cybersecurity technologies would prevent the majority of attacks.
In addition, the Department of Homeland Security in October warned of ongoing cyber threats to U.S. water systems, urging facility operators to be prepared for phishing and ransomware attacks.
©2022 Bloomberg L.P.