The U.S. government has warned state governors, alerting them to nationwide disruptive cyberattacks targeting water and sewage systems. In a recent letter, National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan highlighted the threat posed by foreign hackers, particularly from Iran and China. These attacks, exemplified by a recent incident in Pennsylvania where Iranian-affiliated hackers disabled a water facility controller, underscore the potential disruption to critical infrastructure and communities’ clean water supply.
Cybersecurity experts have long recognized concerns over the digital security of water and sewage plants due to their essential role and often limited defenses. Last year’s intrusion at a Pennsylvania booster facility, marked by a message replacing the controller indicating a hack, further emphasizes the vulnerability of these systems. While no damage was reported in this instance, industry groups have warned that such incidents may not be isolated.
The letter urges governors to ensure comprehensive cybersecurity assessments of water systems within their states and prepare for potential cyber incidents.
This underscores the crucial role of Chief Information Officers (CIOs) in overseeing and bolstering cybersecurity measures within critical infrastructure sectors like water management. As guardians of digital systems, CIOs are pivotal in implementing proactive defenses and response strategies to safeguard against disruptive cyber threats.