Dive Brief:
- A House member representing a Pennsylvania district targeted by an Iran-linked hack in 2023 is sponsoring a bill that would double cyber resilience funding for local water utilities.
- Rep. Chris Deluzio, a Democrat, on Friday unveiled the Water Authority Cybersecurity Protection Act, which would authorize $25 million in funding over two years through a program that will help community-based water systems design programs for emergency response.
- The proposed legislation follows a series of high-profile attacks against water systems in the U.S. and a continued push by federal authorities to get local water authorities to improve their cyber hygiene practices. Among other tactics, there's a push to end reliance on default passwords, remove devices from the open internet and use multifactor authentication.
Dive Insight:
Deluzio’s district endured what some consider the opening shot in a wave of sophisticated attacks against U.S. water systems.
A threat group linked to Iran’s Islamic Revolutionary Guard Corps attacked the Municipal Water Authority of Aliquippa, Pennsylvania, in November 2023 by targeting Unitronics programmable logic controllers (PLCs).
The Cybersecurity and Infrastructure Security Agency repeatedly warned about hacktivist groups linked to Iran, Russia and other countries targeting U.S. water facilities by exploiting weaknesses in drinking and wastewater treatment systems.
Community-based water systems, lacking the resources to employ full-time cyber specialists, were leaving systems vulnerable to attack by failing to employ the most basic cyber resilience measures.
“This urgent issue implicates oversight and authority, resources and training — the last of which is only possible through sufficient resources and training,” Zoe Bluffstone, a spokesperson for Deluzio, said via email.
An investigation from the inspector general at the Environmental Protection Agency released in November showed more than 300 water utilities had vulnerabilities that put them at greater risk of being hacked.
Last week, the EPA and CISA released a joint fact sheet for the water utility sector that highlighted the risks presented by internet-exposed human-machine interfaces.
Earlier this month, Minnesota-based Kurita America disclosed it was the target of a late November ransomware attack. The company, a unit of Japan-based Kurita Group, is a major provider of water treatment solutions for industrial use.