In an effort to stave off cyberthreats to its water treatment plant, Springdale is considering the installation of a cybersecurity system.
Dan Copeland presented fellow council members with two proposals from Gannett Fleming for a cybersecurity system at the water plant.
One costs $11,500 and the other costs $19,000.
“I think it’d be premature to vote on these. I want to get some other numbers,” Copeland said. “But as you can see, there’s two different levels of services that they can provide to us to make sure that our system is up to snuff as far as cyberattacks.”
There has been an increase in cyberattacks on municipal water and wastewater facilities, according to the U.S. Environmental Protection Agency. Cyberattacks have the potential to disrupt a community’s water supply, thus having taxpayers incur unexpected costs to remediate the situation.
EPA Administrator Michael Regan and national security adviser Jake Sullivan in March sent a letter to governors to discuss the urgent need to safeguard water sector infrastructure against cyberthreats.
In that letter, the officials outlined two common threats:
• People affiliated with the Iranian Government Islamic Revolutionary Guard Corps targeted and disabled operational technology at water facilities where the facility neglected to change a default manufacturer password;
• People’s Republic of China state-sponsored cyber group Volt Typhoon are compromising data; federal agencies strongly believe Volt Typhoon personnel are positioning themselves to disrupt infrastructure operations in the event of geopolitical tensions or military conflicts.
EPA spokeswoman Dominique Joseph said her agency is tracking about 50 reported cyber incidents this year against water and wastewater system, “though it is important to note that the absence of federal reporting requirements for water systems means that this number likely captures a proportion of all incidents across the sector.”
EPA recommends drinking water and waste water systems implement “basic cyber hygiene practices” such as conducting regular cybersecurity assessments, changing default passwords immediately and using strong passwords, and reducing exposure to the public-facing internet, Joseph said.
Locally, the Municipal Water Authority of Aliquippa was hacked in November. In that incident, computer technology that monitors water pressure shut down and a “You have been hacked” message appeared on its screen.
The authority had to shut down its automated system and continue operations manually. Six Iranian officials were sanctioned by the U.S. Treasury in February for the attack.
Copeland said Springdale’s water system hasn’t received any threats. He said the measure is preventive.
“I want to make sure our system is where it needs to be,” Copeland said.
