Cyber threats to your tap water? Alarming vulnerabilities per EPA

EPA sounds alarm: 70% of water systems vulnerable to cyberattacks. The agency is engaging in stronger enforcement and urging immediate action.
Spread the love
  • EPA increasing enforcement to protect drinking water systems from cyberattacks.
  • Over 70% of inspected systems were found in violation of basic cybersecurity requirements.
  • EPA urging systems to take immediate steps to address vulnerabilities.
  • Free resources available to help systems improve cybersecurity.
  • EPA may take enforcement actions against systems that fail to address risks.

May 22, 2024 –– In a statement updated Monday, the Environmental Protection Agency (EPA) warned that cybersecurity concerns are on the riseOpens in a new tab..

According to the EPA, cyberattacks targeting community water systems (CWSs) are becoming increasingly frequent and sophisticated, posing a significant threat to public health. These attacks can disrupt water treatment, distribution, and storage, potentially leading to harmful consequences for both utilities and consumers. In response to these escalating threats, the EPA is ramping up its enforcement activities to ensure the nation’s drinking water security.

Alarming Vulnerabilities Exposed.

Recent EPA inspections have revealed “alarming cybersecurity vulnerabilities” in drinking water systems nationwide. Over 70% of inspected systems were found to be in violation of basic cybersecurity requirements under the Safe Drinking Water Act (SDWA). Some common violations included failure to change default passwords, inadequate access controls, and insufficient risk assessments and emergency response plans.  The EPA statesOpens in a new tab.:

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency, EPA, and other federal entities have issued numerous advisories for cyberattacks against information networks and process control systems at water and wastewater systems by nation state organizations, including the Iranian Government Islamic Revolutionary Guard Corps, Russia state-sponsored actors, and the People’s Republic of China (PRC) state-sponsored cyber actors (known as Volt Typhoon, Vanguard Panda and other names). Foreign governments have disrupted some water systems with cyberattacks and may have embedded the capability to disable them in the future.

Urgent Action Needed.

The EPA is urging all water systems to take immediate action to address these vulnerabilities. This includes implementing basic cyber hygiene practices, conducting regular cybersecurity assessments, and developing robust incident response and recovery plans. The EPA, along with other federal agencies, is offering free resources and technical assistance to help water systems improve their cybersecurity posture.

EPA Enforcement Actions.

The EPA has already taken enforcement action against over 100 CWSs for violations of SDWA cybersecurity requirements since 2020. The agency intends to continue its enforcement efforts, using a range of tools including emergency powers and criminal sanctions if necessary, to ensure that water systems take the necessary steps to protect public health.

Available Resources.

Water utilities can find helpful information and resources on cyber risks and mitigation strategies on the EPA’s Office of Water website and the joint EPA and CISA Water and Wastewater Cybersecurity websiteOpens in a new tab..


Water tower at the former train station in Ely, Nevada, USAOpens in a new tab..  Public domain.


Since 1995, Deborah has owned and operated LegalTech LLC with a focus on water rights. Before moving to Arizona in 1986, she worked as a quality control analyst for Honeywell and in commercial real estate, both in Texas. She learned about Arizona's water rights from the late and great attorney Michael Brophy of Ryley, Carlock & Applewhite. Her side interests are writing (and reading), Wordpress programming and much more.

Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify of
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x
Skip to content