Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Environment. Show all posts

EPA Report Reveals Cybersecurity Risks in U.S. Water Systems

 

A recent report from the Environmental Protection Agency (EPA) revealed that over 70% of surveyed water systems have failed to meet key cybersecurity standards, making them vulnerable to cyberattacks that could disrupt wastewater and water sanitation services across the United States. 

During inspections, the EPA identified critical vulnerabilities in numerous facilities, such as default passwords that had never been updated from their initial setup. In response, the agency issued an enforcement alert, urging water system operators to improve their cybersecurity measures. Recommended actions include conducting an inventory of operational assets, implementing cybersecurity training programs, and disconnecting certain systems from the internet to enhance security. 

The EPA has announced plans to increase inspections of water infrastructure and, when necessary, take civil and criminal enforcement actions to address any imminent and substantial threats to safety. Under Section 1433 of the Safe Water Drinking Act, community water systems serving over 3,300 people are required to perform comprehensive safety assessments and update their emergency response plans every five years. 

The high failure rate reported by the EPA indicates potential violations of this section, highlighting missed opportunities to protect these essential services through risk and resilience evaluations. This alert follows a series of cyber incidents over the past year, where nation-state hackers and cybercriminal groups have targeted water systems. These attacks have included unauthorized access to water treatment control systems, manipulation of operational technology, and other forms of sabotage. The regulatory environment for U.S. water systems is complex, often involving state and local government oversight.

Many rural water operators, unlike their federal counterparts, lack sufficient resources to bolster their digital defenses. While the EPA has attempted to enforce stricter security mandates, these efforts have faced legal challenges from GOP-led states and industry groups. In October, the EPA rescinded a directive that would have required water providers to assess their cybersecurity measures during sanitation surveys. Nation-state adversaries, including Chinese and Iranian hacking groups, have frequently breached U.S. water infrastructure. 

China's Volt Typhoon group has been particularly active, infiltrating critical infrastructure and positioning themselves for further attacks. In one instance, Iranian Revolutionary Guard Corps-backed hackers targeted industrial water treatment systems, and more recently, Russia-linked hackers breached several rural U.S. water systems, posing significant safety risks. In March, the EPA and the National Security Council issued a joint alert, urging states to remain vigilant against cyber threats targeting the water sector. The alert emphasized that drinking water and wastewater systems are attractive targets for cyberattacks due to their critical role and often limited cybersecurity capabilities. 

Moreover, a Federal Energy Regulatory Commission (FERC) official recently testified about the vulnerability of dam systems to cyberattacks, indicating that new cybersecurity guidelines for dams could be developed within the next nine months. The EPA's report underscores the urgent need for improved cybersecurity measures in U.S. water systems to protect these vital resources from potential cyber threats.

AI Development May Take a Toll on Tech Giant’s Environment Image


The Reputation of tech giants as a safe investment for investors interested in the environment, social issues, and governance as well as consumers who value sustainability is clashing with a new reality – the development and deployment of AI capabilities. 

With new data centres that use enormous quantities of electricity and water, as well as power-hungry GPUs used to train models, AI is becoming a greater environmental risk.

For instance, reports show that Amazon's data centre empire in North Virginia has consumed more electricity than Seattle, the company's home city. In 2022, Google data centres used 5.2 billion gallons of water, an increase of 20% from the previous year. The Llama 2 model from Meta is also thirsty.

Some examples of tech-giants that have taken initiatives to reduce the added environment strain include Microsoft’s commitment to have their Arizona data centers consume no water for more than half the year. Also, Google announced a cooperation with the industry leader in AI chip Nvidia and has a 2030 goal of replacing 120% of the freshwater used by its offices and data centres.

However, these efforts seem like some carefully-crafted marketing strategy, according to Adrienne Russell, co-director of the Center for Journalism, Media, and Democracy at the University of Washington.

"There has been this long and concerted effort by the tech industry to make digital innovation seem compatible with sustainability and it's just not," she said. 

To demonstrate her point, she explains the shift to cloud computing and noted the way Apple’s products are sold and presented to show association with counterculture, independence, digital innovation, and sustainability, a strategy used by many organizations. 

This marketing strategy is now being used to showcase AI as an environment-friendly concept. 

The CEO of Nvidia, Jensen Huang, touted AI-driven "accelerated computing"—what his business sells—as more affordable and energy-efficient than "general purpose computing," which he claimed was more expensive and comparatively worse for the environment.

The latest Cowen research report claims that AI data centres seek power, which is more than five times the power used in a conventional facility. GPUs supplied by Nvidia consume around 400 watts of power, making one AI server consume at least 2 kilowatts of power. Apparently, a regular cloud server uses around 300-500 watts.

Russel further added, "There are things that come carted along with this, not true information that sustainability and digital innovation go hand-in-hand, like 'you can keep growing' and 'everything can be scaled massively, and it's still fine' and that one type of technology fits everyone." 

As businesses attempt to integrate huge language models into more of their operations, the momentum surrounding AI and its environmental impact is set to rise.

Russel further recommended that companies should put emphasis on other sustainable innovations, like mesh networks and indigenous data privacy initiatives.

"If you can pinpoint the examples, however small, of where people are actually designing technology that's sustainable then we can start to imagine and critique these huge technologies that aren't sustainable both environmentally and socially," she said.

No environment is immune to cyber attacks : Research

Global cyber-security solutions provider Check Point Software Technologies Ltd, released its “Cyber Attack Trends: 2019 Mid-Year Report”, revealing that no environment is immune to cyber-attacks.

Threat actors continue to develop new tool sets and techniques, targeting corporate assets stored on cloud infrastructure, individuals’ mobile devices, trusted third-party supplier applications and even popular mail platforms:

Mobile banking: With over 50% increase in attacks when compared to 2018, banking malware has evolved to become a very common mobile threat. Today, banking malware is capable of stealing payment data, credentials and funds from victims’ bank accounts, and new versions of these malware are ready for massive distribution by anyone that’s willing to pay.

Software supply chain attacks: Threat actors are extending their attack vectors such as focusing on the supply chain. In software supply chain attacks, the threat actor typically instils a malicious code into legitimate software, by modifying and infecting one of the building blocks the software relies upon.

Email: Email scammers have started to employ various evasion techniques designed to bypass security solutions and anti-spam filters such as encoded emails, images of the message embedded in the email body, as well as complex underlying code which mixes plain text letters with HTML characters. Additional methods allowing scammers to remain under the radar of Anti-Spam filters and reaching targets’ inbox include social engineering techniques, as well as varying and personalizing email content.

Cloud: The growing popularity of public cloud environments has led to an increase in cyber-attacks targeting enormous resources and sensitive data residing within these platforms. The lack of security practices such as misconfiguration and poor management of the cloud resources, remains the most prominent threat to the cloud ecosystem in 2019, subjecting cloud assets to a wide array of attacks.

“Be it cloud, mobile or email, no environment is immune to cyber attacks. In addition, threats such as targeted Ransomware attacks, DNS attacks and Cryptominers will continue to be relevant in 2019, and security experts need to stay attuned to the latest threats and attack methods to provide their organizations with the best level of protection,” said Maya Horowitz, Director, Threat Intelligence & Research, Products at Check Point.