The US Government has issued a warning about the vulnerability of water systems to cyberattacks. 

According to a recent correspondence from Environmental Protection Agency (EPA) Administrator Michael Regan and National Security Advisor Jake Sullivan to US state governors, there is a significant threat from hackers with affiliations to Iran and China. 

“Disabling cyberattacks are striking water and wastewater systems throughout the United States,” they said in a letter, emphasising the potential these attacks hold to “disrupt the critical lifeline of clean and safe drinking water” and impose substantial costs on affected communities.

This alert follows a series of cyber incursions into water and wastewater facilities, urging state governments and water entities to bolster their defences against the threats. 

The letter highlighted a lack of “even basic cybersecurity precautions” in many facilities, a factor that can pivot the scale from uninterrupted service to a disruptive cyberattack.

In one case, a fairly unskilled group of Iranian hackers was able to breach water utilities through industrial devices that were still using the default password “1111.”

In response to the heightened risk, the EPA plans to establish a task force aimed at identifying significant vulnerabilities within water systems to cyberattacks, among other pressing issues. 

The ongoing cyber threats have not only alarmed US officials but have also drawn attention to the challenges in securing the water sector, where financial and personnel constraints complicate its ability to counter hacking threats effectively.

Recent incidents, such as the breach of industrial equipment at multiple US water facilities by hackers displaying an anti-Israel message, have been attributed to the Iranian government by US officials. Similarly, Chinese state-backed hackers have infiltrated US water facilities, raising concerns about the potential for disruption in critical infrastructure during conflicts.