The U.S. Environmental Protection Agency has intensified its cybersecurity monitoring of American drinking water systems following inspections that revealed widespread cybersecurity deficiencies.

EPA steps up its oversight of US drinking water systems' cybersecurity due to prevalent vulnerabilities

Despite the Safe Drinking Water Act's Section 1433 mandates on security, risk management, and notification requirements, the EPA reports that over 70% of systems inspected were not compliant. The identified vulnerabilities include the use of default passwords and single logins for all staff. The EPA issued a warning to water system owners to act promptly, change passwords, reduce public-facing internet exposure, and conduct regular cybersecurity assessments. Furthermore, the agency stated it has taken over 100 enforcement actions against violators since 2020, emphasizing emergency response plans and risk assessments. The EPA has the authority to enforce compliance with the Safe Drinking Water Act and can apply criminal sanctions if necessary. Amid heightened threats to water systems, the EPA, CISA, and FBI have called for better cyber resilience in 2024, despite challenges in funding and technical resources within the water sector.
https://www.bankinfosecurity.com/epa-cracks-down-on-us-water-systems-cybersecurity-violations-a-25295