White House Sounds Alarm on Cybersecurity Threats to Water and Wastewater Systems
In a recent letter from the White House, it was revealed that critical infrastructure, particularly water and wastewater systems, is a prime target for foreign state-sponsored threat actors. The letter called for the cooperation of governors and invited state environmental, homeland security, and health agencies to a meeting to discuss the cybersecurity of the nation’s critical infrastructure.
Ken Dunham, Cyber Threat Director at Qualys Threat Research Unit, highlighted the risks faced by US water and wastewater systems due to the fragmented governance and security practices across different entities responsible for their management. He emphasized the potential catastrophic consequences of cyber attacks on these systems, leading to water shortages and widespread illness.
Casey Ellis, Founder and Chief Strategy Officer at Bugcrowd, pointed out the vulnerabilities of outdated software and operating systems in critical infrastructure cybersecurity, making them easy targets for malicious actors. He stressed the importance of proper segmentation of control systems and seeking guidance from middleware providers to enhance security.
Chad Graham, CIRT Manager at Critical Start, highlighted the various motivations driving attacks on US water and wastewater systems, including state-sponsored agendas and financial gain. He underscored the urgent need for robust cybersecurity measures in these sectors to prevent disruptions in essential services and protect public health and the environment.
The meeting called for by the White House aimed to address the security gaps in the water sector and develop federal government cybersecurity improvement plans. The insights from security leaders underscored the critical need for proactive measures to safeguard the nation’s vital infrastructure from cyber threats.
