The U.S. Environmental Protection Agency (EPA) Office of Inspector General (OIG) released a report on cybersecurity concerns in drinking water systems. As part of its continued oversight of the EPA’s role as a sector risk management agency, the office revealed that a passive assessment of cybersecurity vulnerabilities was conducted on drinking water systems serving 50,000 or more people. The findings revealed exploitable cybersecurity weaknesses that could disrupt service, cause data loss, or lead to information theft.
Furthermore, while attempting to notify the EPA about the cybersecurity vulnerabilities, the OIG found that the EPA does not have its own cybersecurity incident reporting system that water and wastewater systems could use to notify the EPA of cybersecurity incidents.
“The passive assessment covered 1,062 drinking water systems for cybersecurity vulnerabilities that serve over 193 million people across the United States,” the EPA report identified. “Scan results for October 8, 2024, identified 97 drinking water systems serving approximately 26.6 million users as having either critical or high-risk cybersecurity…