The latest threat to drinking water systems? Cyberattacks, EPA says

Muleshoe is a town of about 5,000 people located in north Texas. In January, it became the victim of a cyberattack by a hacking group with possible ties to the Russian government, CNN reported. The hackers’ target? The town’s drinking water system.

Few city infrastructures are more critical than drinking water systems—and many of those drinking water systems are critically vulnerable to cyberattacks, according to an enforcement alert issued May 20 by the Environmental Protection Agency, which stressed the significance of the looming threat for public water systems.

Muleshoe wasn’t an anomaly; the EPA said its enforcement alert was issued in response to an uptick in the frequency and severity of cyberattacks on water systems around the nation. The EPA also recently found that more than 70% of community drinking water systems it had inspected were not in compliance with the Safe Drinking Water Act, leaving them vulnerable to cyberattacks. In an interview with CNN, one water-sector cybersecurity expert referred to water utility systems as “low-hanging in fruit” for hackers.

Cybersecurity deficiencies in many of the nation’s public water systems include default passwords that have not been updated and single logins “that can be easily compromised,” according to the EPA.

In the case of Muleshoe, hackers broke into a remote login system that allowed operators to connect with a water tank. The hackers then caused the water tank to overflow for around 30–45 minutes before town officials shut down the compromised machine and switched to manual operations, CNN reported. Other small towns in Texas reported similar attempted cyberattacks, with Hale Center, Texas, City Manager Mike Cypert telling the Texas Tribune that there were 37,000 attempts in four days to log into their water system’s firewall. (The cyberattack was thwarted when the town shut down the system and went manual.)

To read the complete article, visit American City & County.