White House calls for vigilance and action against cybersecurity threats at water treatment plants
The White House is warning and urging action over cybersecurity threats to the nation's water infrastructure.
In a letter to governors and state leaders, the White House invited agency leaders to a virtual meeting to address the concerns, writing in part: This would impose significant costs on affected communities. ”
The letter also highlights recent threats from threat actors linked to Iran and China. One incident targeted a facility that simply failed to change its default manufacturer password.
The Environmental Protection Agency (EPA) has outlined plans for a Water Sector Cybersecurity Task Force to help identify threats and develop short- and long-term strategies.
The company, which is one of Minnesota's largest wastewater treatment businesses and is managed by the city council, said it has long taken steps to protect its facilities from cyber threats.
“There's really starting to be a growing awareness that we need to take this issue seriously,” said Ron Coffey, process computers group manager for the Metropolitan Council's Environmental Services Division, about the increased attention from the federal level.
Coffey says limiting a facility's reliance on the internet and keeping its software and infrastructure up to date are important steps.
“This is a big deal for us because the old equipment didn't have the safety features that we have today,” Coffey said. “We make sure to get rid of the old stuff and put in new stuff that has security built in from the beginning.”
Timely, St. Paul city leaders and St. Paul Regional Water District (SPRWS) leaders held a cybersecurity workshop that included presenters from the FBI to the local level.
“This is critical right now because we're seeing an increase in threats and damage to these systems,” said Stephanie Horvath, chief information security officer at St. Paul's University. , the good thing is that we are responding,” he added.
SPRWS provides clean drinking water to approximately 450,000 people and says it has made this issue a top priority.
“We must continue to test the systems, training and processes in place to identify emerging gaps and address them.”
Efforts are underway at the state level. The Minnesota IT Services (MNIT) agency said it is working with the Department of Health and Pollution Control to develop and implement a “tailored cybersecurity program for public water and wastewater utilities.”
MNIT added that the effort is part of the state's “statewide cybersecurity plan.”
