Escalating alerts issued concerning nation-backed cyberattacks targeting water supply systems

White House and EPA organize an immediate virtual conference with state homeland security leaders and key officials, emphasizing the need to enhance the resilience of water treatment infrastructure.

The White House and Environmental Protection Agency (EPA) have issued a call to action, highlighting the escalating threat of cyber attacks on U.S. water infrastructure from hackers affiliated with the People's Republic of China and the Iran-backed Islamic Revolutionary Guard Corps (IRGC).

Recent intelligence reveals that the Chinese government group known as Volt Typhoon has breached hundreds of water utilities, including smaller municipalities that support military or hospital operations. These systems are being used for pre-positioning future cyberattacks and routing network traffic.

Simultaneously, the Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) have issued cybersecurity alerts following ransomware campaigns against municipal water treatment facilities in states like Texas, Florida, and Arizona. These attacks involved ICS-targeted ransomware such as BlackSting, exploiting unpatched software.

In response, the EPA is offering free cybersecurity services to water utilities, with programs scanning for vulnerabilities that have led to over 400 mitigations recently. The EPA’s fiscal year 2026 budget requests $10 million for a competitive water cybersecurity grant program to strengthen resilience at state and local levels.

Moreover, volunteer cybersecurity experts, including DEF CON participants, have been actively identifying and helping patch security holes in water infrastructure.

The Biden administration is urging governors to send their top health, environmental, and homeland security officials to a virtual meeting scheduled for Thursday. Key actions taken and recommended include urgent advisories and threat alerts, proactive scanning and mitigation programs, increased funding proposals for water cybersecurity grants, engagement of volunteer cybersecurity experts, and emphasis on patching unpatched access points, segmenting operational technology from IT networks, and deploying ICS-aware intrusion detection systems.

This coordinated U.S. government response reflects growing concern that foreign-backed cyber groups, including those linked to China and the IRGC, pose a significant ongoing threat to the security and resilience of critical water infrastructure nationwide. In late 2023, threat actors linked to the IRGC hacked into various U.S. water systems by targeting Israel-made Unitronics Vision Series programmable logic controllers.

Experts urge the federal government to deepen investments in critical infrastructure cybersecurity, especially as adversaries like China and Iran actively target these systems. Corporate stakeholders are also seeking to better understand the risk calculus of their technology stacks, with a focus on whether they are potential targets. The urgency of the situation is underscored by the potential impact on the health and safety of millions of Americans who rely on these systems for their drinking and wastewater needs.

  1. The ongoing threat to U.S. water infrastructure from foreign-backed cyber groups, such as those linked to China and the IRGC, has resulted in a surge of interest in strengthening cybersecurity measures, with the Department of Homeland Security and Cybersecurity and Infrastructure Security Agency issuing alerts for ransomware campaigns against water treatment facilities.
  2. In response to the escalating cyber threats against water infrastructure, the Biden administration is urging governors to prioritize cybersecurity efforts and is offering free services, working with volunteer cybersecurity experts, increasing funding proposals for water cybersecurity grants, and implementing proactive scanning and mitigation programs to identify and patch security holes, segment operational technology from IT networks, and deploy ICS-aware intrusion detection systems.
