The US government asked state governments to strengthen their cyber security, especially in the clean water installation system and waste disposal system.
This warning was issued because cyber attacks were taking place targeting critical installations and infrastructure, including clean water installations, as quoted from The Verge, Sunday (24/3/2024).
This attack is believed to be related to the Iranian government, which previously launched attacks on US clean water facilities, to be precise in November 2023, especially on facilities that still used default passwords.
At least six Iranian Armed Forces personnel are considered responsible for the attack. Apart from that, there is also the threat from Volt Typhoon, a cyber demon gang sponsored by China, which last February attacked the US drinking water system.
Several relevant departments held a meeting on March 21 to discuss minimum requirements for protecting clean water infrastructure from cyber attacks.
Meanwhile, the Environmental Protection Agency (EPA) also formed a Water Sector Cybersecurity Task Force to search for and identify existing security gaps and provide recommendations to related parties.
"Drinking water and waste disposal systems are attractive targets for cyberattacks because they are critical life-sustaining infrastructure but often lack the resources and technical capabilities to adopt rigorous cybersecurity systems," said the letter signed by national security adviser Jake Sullivan and EPA administrator Michael Regan.
The letter is aimed at state governments to ensure their drinking water systems are tested for safety gaps.
"In some cases, even the most basic cybersecurity steps such as changing default passwords or updating software to patch gaps have not even been implemented and could be the difference between normal operations or a disruptive cyber attack," the letter said.