>>147415

"Recent EPA reports have found further issues with water system cybersecurity. For example, on May 20, 2024, the EPA issued an “enforcement alert,” which outlined “the urgent cybersecurity threats and vulnerabilities to community drinking water systems and the steps these systems need to take to comply with the Safe Drinking Water Act.” According to the EPA, its “inspectors have identified alarming cybersecurity vulnerabilities at drinking water systems across the country and taken actions to address them.” The EPA concluded that over 70 percent of inspected water systems fail to comply with section 2013 of AWIA. The enforcement alert found that water systems had inadequate risk and resilience assessments and emergency response plans. In addition, the enforcement alert found significant failures in best practices, such as failure to change default passwords, use of single logins for all staff, and failure to curtail access by former employees."
page 5
https://www.epaoig.gov/sites/default/files/reports/2024-11/full_report_-_25-n-0004t_1.pdf