Already a subscriber? Make sure to log into your account before viewing this content. You can access your account by hitting the “login” button on the top right corner. Still unable to see the content after signing in? Make sure your card on file is up-to-date.
Cybersecurity professionals have sounded the alarm to Congress regarding the susceptibility of America’s water systems to cyberattacks, especially from Chinese and Russian hackers.
Charles Clancy, senior vice president at the MITRE Corporation, expressed concerns, stating, “The US water sector needed to prepare for large-scale cyber conflict,” and emphasizing the need for “more targeted measures to fight off hostile forces in a crisis.” His testimony to the House Homeland Security subcommittee shed light on the dire situation, where he mentioned, “The US military is kicking its response planning into high gear, but the US may be existentially unprepared to defend its critical infrastructure.”
Robert Lee, CEO of Dragos, further detailed the challenges faced by the water sector in utilizing even freely provided cybersecurity tools due to inadequate infrastructure. He shared with lawmakers, “To use any technologies most of the water municipalities need basic infrastructure upgrade,” and revealed, “Even a one-time cost of $3,000 on hardware and networking gear would be completely out of budget for these organizations.”
The severity of these cybersecurity vulnerabilities led to discussions on potentially disconnecting sensitive technology systems from the internet as a protective measure. Rep. Carlos Gimenez suggested, “The vulnerability comes from the fact you’re tied to the internet,” advocating for a closed system to enhance security. However, Lee countered, “Operational technology systems were built in a manner that makes moving things offline a bad idea,” emphasizing the need to manage risk while remaining online.