Emily Driehaus | Science Communication Intern
United States infrastructure, including water systems, is increasingly susceptible to cyber attacks meant to steal information, disrupt vital processes or potentially harm the public. Investment in cybersecurity for water infrastructure is necessary to prepare for digital threats and protect the public in the event of an attack.
Cyber Threats to Infrastructure
The recent Colonial Pipeline hack has ignited a national conversation about cybersecurity in critical infrastructure in the United States. This past Tuesday, the head of the Colonial Pipeline, Joseph Blount, told lawmakers that hackers were able to get into the system using a single stolen password. The hack led to days of increased gasoline prices and panic buying, causing fuel shortages in some areas. While these hackers targeted oil infrastructure, water systems are not exempt from the threat of cyber attacks and are at risk of falling victim to hacks that put the security and health of citizens at risk.
Case Study: Oldsmar, Florida
One of the most recent cyber attacks on water infrastructure in the U.S. occurred on February 5, 2021, in Oldsmar, Florida. A hacker was able to access the controls to a water treatment plant and attempted to increase the amount of sodium hydroxide in the water. The sodium hydroxide level, which is used to prevent corrosion of lead pipes, was set to increase from 100 parts per million to 11,100 parts per million before an employee recognized the intrusion and set the level back to normal. No one was harmed and no contaminated water made it out of the treatment plant, but the attack highlights the vulnerability of water infrastructure in the U.S., especially as more systems are connected to the internet and accessible via remote access software.
Protocol for Cybersecurity in Water Systems
The EPA and American Water Works Association have both released guidance for public water systems to encourage preventative action before a cybersecurity threat is realized. Their recommendations include robust IT practices and cybersecurity training for all employees in order to recognize a threat before it becomes a major issue. However, most public water systems in the U.S. serve less than 3,300 people, making strong cybersecurity difficult and costly to achieve.
Government Investment in Cybersecurity
The Drinking Water and Wastewater Infrastructure Act of 2021 includes cybersecurity as part of the bill’s investment in water infrastructure. Introduced by Sen. Tammy Duckworth, the bill would appropriate $25 million for cybersecurity projects in water infrastructure per fiscal year from 2022 through 2026. The Biden administration has endorsed the bill and the inclusion of cybersecurity as a necessary part of infrastructure investment. The bill also has bipartisan support and passed the Senate on April 29, 2021. This allocation of funds highlights the importance of cybersecurity measures for water systems as digital threats continue to evolve with rapidly changing technology.
Our Take
Infrastructure cybersecurity is almost entirely out of the public’s control, making ransomware and cyberattacks even more frightening. The best way to protect yourself and your family from potential attacks is to contact your legislators to advocate for stronger cybersecurity laws and infrastructure improvements.
Other Articles We Think You Might Enjoy:The American Jobs Plan To Allocate $111 Billion To Water Infrastructure Improvements
BPA and Phthalates: Are These Two Endocrine Disruptors in Your Water?
What You Need To Know About NRDC's Latest Nationwide Lead Report