Posted on

Bill takes aim at water hackers


Steve Brawner Arkansas Commentary

U.S. Rep. Rick Crawford was a bomb disposal technician in the Army. Now he is proposing legislation meant to diffuse a different type of ticking time bomb.

The 1st District congressman says water and wastewater systems across the country are vulnerable to cyberattacks, and he’s not alone.

Using language related to his Army days, Crawford said the country should get “left of the boom” on this issue. In other words, it should take action before the disaster takes place.

“Obviously, we want to be on the left side of an incident, not the right side,” he said Tuesday. “Anything after an incident takes place is consequence management, and we need to be more proactive to prevent things as opposed to manage consequences.”

Crawford has introduced a bill requiring the Environmental Protection Agency to certify the creation of a Water Risk and Resilience Organization. It would propose regulations the EPA would approve for water systems that serve 3,300 or more persons, as well as implementation plans for those water systems to use. It also could impose penalties. The industry would help select the organization’s directors, a provision meant to help the water sector and the EPA work together. The American Water Works Association and two other industry groups support the bill.

“It’s not necessarily about regulations,” he said. “It’s about using what we have, the existing regime that we have efficiently and making sure that we’re employing the appropriate


From page A4

measures to safeguard our water systems.”

Crawford pointed to a “Scale Up” event he hosted in Jonesboro in 2021 where intelligence community officials talked about threats to various industries. A utility like City Water and Light in Jonesboro should know who to contact, how to receive information, and where to implement security measures.

“Local folks have to have an appropriate reporting protocol to share information up the chain, and they also need to be shared with down the chain. So we need to create that connective tissue between local, county, state, federal agencies,” he said.

Worrying about water system hackers may not have been on your bingo card today. There’s so much else to stress about, if we choose to be stressed. But it’s a situation worth being aware of.

Crawford, who could be the next House Transportation and Infrastructure Committee chair, pointed to a series of concerning recent events. Earlier this year, a hacker group linked to Russia was suspected of causing a city water tank in Muleshoe, Texas, to overflow for 30-45 minutes.

Last November, a Pennsylvania water system was attacked by pro-Iran hackers. FBI Director Christopher Wray earlier this year testified that Chinese hackers had targeted critical infrastructure including water treatment plants, electrical grids and pipelines.

That means water systems are not the only infrastructure threatened by outside adversaries and hackers.

American society has quickly become dependent on amazingly efficient technology that’s also not secure. There could be ticking time bombs across America’s infrastructure.

Crawford is looking for Democratic co-sponsors of the bill and also will look for a Senate partner.

He thinks the bill will have support from both parties.

“[Adversaries are] not asking customers of water systems whether you’re Democrat or Republican,” he said. “That’s the nature of this is that we have to put all these partisan politics aside to be able to protect everybody in the country.”

He was less hopeful about working with the executive branch. He said the Biden Administration has done less outreach with Congress than the Trump or Obama administrations did.

However, Biden administration officials are aware of the threat. In a letter to the nation’s governors dated March 18, EPAAdministrator Michael Regan and National Security Advisor Jake Sullivan warned that “Disabling cyberattacks are striking water and wastewater systems throughout the United States.” They noted that an Iran group had disabled technology at a facility that had neglected to change the default manufacturer password. They asked that states assess their current practices and identify vulnerabilities. And they asked states to meet with them to discuss the situation.

It’s in everybody’s interest to ensure our water is safe. Let’s hope Republicans and Democrats in Congress and the executive branch put aside their differences on this issue.

Whether it’s Crawford’s bill or something else, let’s get to the left of the boom.

Steve Brawner is a syndicated columnist in Arkansas. Email him at brawnersteve@ mac. com.

Follow him on Twitter at @ stevebrawner.

Scroll Up