State governors are being urgently called upon by the White House, EPA [2] [3] [4] [5] [6] [7] [8] [9], and National Security Council to enhance cybersecurity in the water sector in response to escalating cyber threats, particularly from foreign governments like China and Iran.


Recent attacks by Chinese-sponsored hacking group Volt Typhoon and Iran’s IRGC have highlighted the critical need for improved cybersecurity practices in the water sector. The Treasury Department has sanctioned Iranian cyber operatives for supporting hacking activities targeting water treatment systems. The EPA has emphasized the importance of basic cybersecurity precautions such as changing default passwords and updating software. Legal challenges have hindered the EPA’s attempts to impose stricter cybersecurity rules for water utilities, underscoring the need for additional resources and action to enhance defenses in the underfunded water sector. The Biden Administration is working to strengthen protections for water treatment facilities against cyber threats [1], but faced legal pushback in October [1]. A group of water trade representatives testified before Congress [1], urging for more federal funding for training and resources to defend infrastructure [1]. CISA warns that over 150,000 water systems nationwide are vulnerable to cyberattacks [5], with the most serious threat coming from foreign governments that could potentially damage key water infrastructure [5].


The EPA and CISA are providing guidance and resources to help water systems improve their resilience against cyberattacks [2], emphasizing the importance of basic cybersecurity precautions such as updating software and resetting default passwords [2]. The Biden administration is working on regulations and support for new cyberdefense technologies to address cybersecurity challenges in the water sector [7]. The formation of a Water Sector Cybersecurity Task Force and recommendations for states to strengthen cybersecurity practices are crucial steps in safeguarding the US water sector against potential disruptions to critical infrastructure. National Security Advisor Jake Sullivan’s emphasis on integrating foreign and domestic policy to address cybersecurity challenges underscores the ongoing efforts to enhance cybersecurity practices in the water sector.