US EPA Report Cites Cybersecurity Flaws in Drinking Water Systems, Flags Disruption Risks and Lack of Incident Reporting
The U.S. Environmental Protection Agency (EPA) Office of Inspector General released a report on cybersecurity concerns in drinking water systems. As part of its continued oversight of the EPA’s role as a sector risk management agency, the office revealed that passive assessment of cybersecurity vulnerabilities was conducted on drinking water systems with populations served of 50,000 people or greater. The findings revealed exploitable cybersecurity weaknesses that could disrupt service, cause data loss, or lead to information theft.
Furthermore, while attempting to notify the EPA about the cybersecurity vulnerabilities, the OIG found that the EPA does not have its ‘cybersecurity incident reporting system’ that water and wastewater systems could use to notify the EPA of cybersecurity incidents.