Cybersecurity measures for energy, water, and healthcare sectors outlined in Congressional hearing
The United States government is stepping up efforts to protect critical infrastructure, including water systems, from cyber threats. The Department of Energy (DOE) is at the forefront of this initiative, piloting a program called the Energy Threat Analysis Center. This center aims to coordinate threat information from both the private industry and the intelligence community.
In a recent hearing, federal officials and security industry experts voiced concerns about a sharp increase in attacks targeting hospitals and healthcare systems. Ransomware has emerged as a major method of attack, with the number of cyber attacks against the sector doubling between 2016 and 2021. The FBI issued warnings in 2021 regarding the risk of ransomware attacks targeting drinking and wastewater facilities.
The Household Services sector, including drinking and wastewater systems, is a primary focus for federal authorities to protect against cyber threats. The Cybersecurity and Infrastructure Security Agency (CISA) has identified water as one of the key sectors it would focus on, particularly in smaller communities. These under-resourced public utilities may not have their own IT infrastructure or expertise in cyber security in smaller communities.
The Environmental Protection Agency (EPA) is the sector risk management agency for the drinking water and wastewater industries. The EPA is responsible for the Sector Coordinating Council for these sectors in the United States. However, David Travers, director of the Water Infrastructure and Cyber Resilience Division of the EPA, stated that the most significant risk to the water sector is the failure of many utilities to adopt best practices.
The Energy Threat Analysis Center program has already proven its worth. It has helped convert threats developed from the Russia-Ukraine conflict into cyber advisories that were sent out to the entire energy sector. The program also played a crucial role in helping to recover from the 2021 ransomware attack against Colonial Pipeline, which disrupted fuel supplies to much of the southeast and east coast of the U.S. for almost a week.
The White House unveiled its national cybersecurity strategy two months ago, which includes a plan to boost the resilience of the nation's critical infrastructure sectors against threats from nation states and criminal ransomware groups. Congress will need to step in to fully stand up the Energy Threat Analysis Center, and the current plan calls for a 2027 launch.
The threat landscape is not limited to the U.S. Puesh Kumar, director of the Office of Cybersecurity, Energy, Security and Emergency Response at the Department of Energy, stated that each annual threat assessment from the U.S. intelligence community since 2019 has pointed to persistent and malicious threats against U.S. infrastructure. Kumar also mentioned that Russia and the People's Republic of China each have the cyber capability to disrupt energy services in the U.S.
In the U.S., incidents of cyber threats against water infrastructure are not unheard of. In Florida, there was an alleged attempt to poison a water facility. In Kansas, a former employee pleaded guilty to tampering with a drinking water facility.
As the government and private sector work together to strengthen cybersecurity measures, it is crucial to ensure that the majority of public water systems, which are small and serve fewer than 10,000 people, are not left behind. The future of water infrastructure security lies in effective collaboration and the adoption of best practices.
Read also:
- Electric-powered vessels take to the waters of Maine
- Elon Musk accused by Sam Altman of exploiting X for personal gain
- Comparing the value of top electric scooters: Kinetic DX versus Bajaj Chetak versus TVS iQube - Which one offers the best bang for the buck?
- Tech tycoon Elon Musk alleges Apple is preferring OpenAI, sparking potential lawsuits contemplation
