Critical Infrastructure Security

Water cybersecurity plan paused

Reuters reports that the U.S. Environmental Protection Agency's guidance for enhancing the cybersecurity of public water systems has been temporarily suspended by an appeals court amid an ongoing lawsuit filed by the state attorneys general of Arkansas, Iowa, and Missouri. The EPA was alleged by the lawsuit of having inadequate authority to compel states and local water suppliers to conduct cybersecurity assessments. Such a decision has been praised by Arkansas Attorney General Tim Griffin, while the National Rural Water Association noted the significant burden of the EPA plan on small water systems even if it also advances better cybersecurity. Improved cybersecurity defenses have long been sought for the water sector, which has been highly vulnerable to attacks that could prompt water shortages or deadly situations due to the manipulation of chemical concentrations during the treatment process. One Kansas-based water facility was noted to have its systems taken down in March 2019 by a former employee using old credentials.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.