By Sean Lyngaas, CNN
The Biden administration will help deliver cyber defense technologies and threat intelligence to US water utilities to try to bolster security for a sector that is often short of cash and personnel to deal with hacking threats, officials announced Thursday.
The “100-day” plan to increase cybersecurity resources for some of America’s 150,000 public water systems comes a year after a hacker breached a Florida water treatment facility and temporarily changed the plant’s chemical setting to a potentially dangerous level.
The incident at the Tampa-area facility did not cause any harm, but it spurred a heightened focus on the sector’s vulnerabilities among federal officials and the water industry.
“There is absolutely inadequate cyber resilience across the water sector” to criminal and state-sponsored hackers, a senior administration told reporters in previewing the announcement.
The water security initiative will first focus on defenses at the water systems that serve the most people and then expand to smaller facilities, officials said.
The Environmental Protection Agency and US Cybersecurity and Infrastructure Security Agency will invite water utilities to a pilot program to deploy more sophisticated defensive tools on their systems, officials said. Data from the pilot program — and input from water utilities already using such technology — will be the basis of training and guidance that federal officials provide the sector.
The initiative follows similar “100-day plans” that the Biden administration has done to boost cybersecurity in the electricity and natural gas sectors.
The water security initiative is voluntary. Whereas, in other cases, federal agencies can regulate pipelines and electric utilities, they have very limited authority to impose cybersecurity rules on water utilities.
The stakes are high.
“Cyberattacks represent an increasing threat to water systems and thereby the safety and security of our communities,” EPA Administrator Michael S. Regan said in a statement.
The water sector, like other critical infrastructure, has to contend with ransomware attacks and the potential for…