On the week of May 20, 2024, the EPA issued an enforcement alert for water systems to take immediate cybersecurity measures as cyber threats against these systems increase.
The agency cited 70% utilities inspected last year violated standards meant to prevent cyber threats.
In the last calendar year alone, we’ve seen notable breaches of water systems in the U.S., Aliquippa, PA and North Texas. China-linked cyber threat actors Volt Typhoon have also been observed compromising water systems, among other critical infrastructures.
This may be just the tip of the iceberg.
As our cyber experts covered in our webinar Operational Technology: Hidden Dangers in Legacy Systems, water systems, critical infrastructures, and many other public services that use operational technology systems that are high-value targets often rely on legacy systems that are more difficult to cyber protect, not to mention budget concerns.
The enforcement guidance the EPA is providing is a good lesson for all organizations in cybersecurity.
- Always change default passwords
- Complete a cyber risk assessment of all vulnerabilities
- Develop an incident response plan complete with backups
- Cyber hygiene training for all staff
Watch the clip below from our webinar on operational technology, as our experts discuss what steps organizations should take, even if they rely on legacy technology, including segmentation and other ways to harden systems.
It’s critical for all organizations, especially public services, to conduct regular risk assessments of networks to find and address vulnerabilities to cyber threats. Reach out to our cyber experts today to get more information on a cyber risk assessment.
Other Resources
- Cybersecurity Awareness Month 2024: Steps to Secure Your Network
- Strengthen Your Defenses: The Essential Steps for Conducting a Cybersecurity Gap Analysis
- Insider Threat Awareness: Protecting Your Network From Within
- Practical Cybersecurity Principles for PSAPs | eBook
- Understanding the New CJIS Cybersecurity Requirements: A Guide