Feds warn cyber attacks are being carried out against U.S. water infrastructure by China, Iran

The Environmental Protection Agency and Biden White House are warning states to safeguard their water sector infrastructure against cyber attacks launched by Iran and China.

“These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities,” EPA Administrator Michael Regan and National Security Advisor Jake Sullivan said in a letter to all state governors.

According to the EPA, these types of attacks are increasing, and the agency is urging states to implement basic “cyber hygiene” practices to safeguard against them.

In the letter to governors, the EPA cited two types of attacks that have been carried out on water facilities in the U.S. One was from “threat actors” who were associated with the Iranian Government Islamic Revolutionary Guard Corps. Those attacks exploited facilities that had neglected to change the default manufacturer’s password.

Other attacks came from the People’s Republic of China, which the EPA said the attackers are “pre-positioning themselves to disrupt critical infrastructure in the event of geopolitical tensions and/or military conflicts.”

“We need your support to ensure that all water systems in your state comprehensively assess their current cybersecurity practices to identify any significant vulnerabilities, deploy practices and controls to reduce cybersecurity risks where needed, and exercise plans to prepare for, respond to, and recover from a cyber incident,” the EPA letter states.