EPA pumps in funds to revitalize water infrastructure, adopt new cybersecurity approaches

The U.S. Environmental Protection Agency (EPA) released this week its 2021 notice of funding available to implement newer approaches including cybersecurity and green infrastructure, besides boosting investment in critical water infrastructure through innovative and flexible financing that can support a number of projects in both large and small communities.

These are lending programs under the agency’s Water Infrastructure Finance and Innovation Act (WIFIA) program, and state infrastructure financing authority WIFIA (SWIFIA) program. 

The round of WIFIA funding will provide up to US$5.5 billion to support $11 billion in water infrastructure projects and prioritizes five areas, including supporting economically stressed communities, protecting water infrastructure against the impacts of climate change, reducing exposure to lead and addressing emerging contaminants, updating aging infrastructure, and newer approaches including cybersecurity and green infrastructure.

“EPA’s $6.5 billion in water infrastructure funding will provide more than $13 billion in water infrastructure projects while creating more than 40,000 jobs,” EPA administrator Michael S. Regan, said in a press statement. “Today’s announcement illustrates the multiple benefits of investing in water infrastructure—better public health and environmental protection, job creation, and economic development. These benefits would be taken to new heights under President Biden’s American Jobs Plan.”

Increased connectivity of the operational technology (OT) networks to other networks, and to the internet of water infrastructure systems, has brought about a rise in process automation, mounting segmentation, and newer remote sensors and controls. The adoption of these tools in the ICS (industrial control systems) and SCADA (supervisory control and data acquisition) systems has contributed to new cyber threats and vulnerabilities, including malware and ransomware attacks. 

In February, unidentified cyber attackers were able to remotely gain access to a panel that controls the water treatment plant at the city of Oldsmar near Tampa, Florida. The hackers were able to carry out a modification in the panel setting that would have drastically increased the amount of sodium hydroxide in the water supply. 

U.S. security agencies subsequently revealed that preliminary information suggested that the hackers would have possibly obtained unauthorized access to the SCADA system, thereby exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system.

Industrial cybersecurity company OTORIO confirmed in December that a group of Iranian hackers gained access to a human-machine interface (HMI) system at an Israeli reclaimed water reservoir, and published a video hack. The target was unprotected and directly connected to the internet, without any security appliance defending it or limiting access. The system did not use any authentication method upon access.

Earlier this month, the U.S. government passed bipartisan legislation that aimed at investing in and modernizing the nation’s water infrastructure to protect it from cybersecurity and other threats. The Drinking Water and Wastewater Infrastructure Act of 2021 (DWWIA 2021 Act) was introduced in the Senate and comes after water crises earlier this year across the Southern states, including Texas, Oklahoma and Mississippi.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.