News and Press

EPA Recommendation: Improve Water System Cybersecurity


Recent EPA guidelines will require the 100,000+ public water systems to improve, and in some cases, install an effective cybersecurity program.

United States of America: If you were to ask the average American what their thoughts are when the hear the word cybersecurity, you’ll likely hear data protection, hacking, stolen identity and the like.

But what you will not likely hear is the word water.

But that’s exactly what the priority is for the EPA. It was mandated by the EPA that all state regulators add a minimum amount of cybersecurity protocols to their existing program – if any exist at all.

As the world continues to integrate technology into various parts of society like water, energy, utilities, etc., so will the need to protect this technology.

Radhika Fox, assistant administrator at the EPA told the media, “Cyberattacks that are targeting water systems pose a real and significant threat to our national security. This is not hypothetical.” Fox continued, “Many don’t even have basic cybersecurity practices in place.”

Recent Attacks

This is less of a preemptive measure and more of a delayed response as there have already been cases of recent hacks of water facilities in several parts of America.

According to a report by the Cybersecurity & Infrastructure Security Agency, it stated, “On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process.”

How It Happened

In that February 5th attack in Florida, a water treatment plant operator noticed the mouse cursor moving on the computer monitor on its own. Unsure of what was going on, the worker observed the cursor moving around different software functions, eventually finding its way to the software that controlled chemical levels.

The hacker then raised the amount of sodium hydroxide and changed the computer settings to add more than 100 times its normal amount of the chemical.

Sodium hydroxide is the main ingredient in liquid drain cleaners, a strong substance that can be compared to having the scent and strength of bleach. The chemical is used to control the acidity and help remove unwanted metals in the public drinking water. If high concentrations are ingested, it can cause burns, bleeding, vomiting and extreme pain and discomfort.

After the hacker changed the settings and left the computer program, the operator quickly reset the sodium hydroxide levels back before any was physically added to the water, preventing a local disaster.  


The Plan for Cybersecurity Improvement

According to the United States government, water, pipelines and railways are set to face tighter cybersecurity requirements in the immediate future. They cite an increase in threats from criminal enterprises and adversarial nation-state groups.

The released memo containing the improvements for cybersecurity protocols are to take effect immediately. Among some of the required improvements include:

  • Multifactor authentication
  • Detection of repeated login attempts
  • Password management
  • Additional user credentials for internal information systems
  • And more

The EPA will require both the implementation of cybersecurity defenses as well as the detection of vulnerabilities which will lead to correction. The memo’s directive is to improve cybersecurity protocols on every level to prevent a disaster.

Haiku is the Answer

There is going to a strong push for more cybersecurity professionals in the coming years. Our water, railways and pipelines industries are just a fraction of organizations currently scrambling to enact effective cybersecurity protocols. Thousands of companies and other organizations are frantically searching for qualified cybersecurity professionals to protect their assets from devastating attacks.

That’s why we created Haiku. We provide our users with critical cybersecurity training and skills enhancements using a highly engaging, entertaining methodology.

It’s a gamified platform where users can enroll and enter a cyberpunk environment to learn everything “cybersecurity”. Users will be given various missions based on real-world scenarios to learn and acquire skills that translate directly to the cybersecurity workforce.

Although many organizations and businesses already have dedicated IT departments, we aim to add an entire workforce of cybersecurity professionals to create an international advantage. IT professionals can help with short-term, immediate solutions. But there are much greater threats that continue to broaden our online susceptibility – one that only cybersecurity professionals will be equipped to handle.

If something as technologically basic as a water treatment facility can be hacked, what’s next? Let’s not wait to find out. Let’s continue building our cybersecurity workforce – with Haiku.

– Haiku

Ready to get a 24% skill boost in just 70 minutes?

Start Your Free Trial Today