The White House is warning and urging action surrounding cybersecurity threats against the nation’s water infrastructure.

In a letter to governors and state leaders, the White House also invited agency leaders to a virtual meeting to address this concern, writing in part, “These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

The letter also highlights recent threats by actors affiliated with Iran and China — one case targeting a facility that simply failed to change a default manufacturer password.

The Environmental Protection Agency (EPA) outlines plans for a ‘Water Sector Cybersecurity Task Force’ to help identify threats and create short and long-term strategies.

One of Minnesota’s largest wastewater treatment operations, managed by the Metropolitan Council, says it’s been taking steps to secure its facilities against cyber threats for years.

“It’s really started to heighten awareness that you need to take this stuff seriously,” Lon Coffey, Process Computer Group manager for the environmental services department of the Met Council, said about the added attention from the federal level.

Coffey says a couple of key steps include limiting facilities’ reliance on the internet and keeping software and infrastructure up-to-date.

“The older equipment did not have the safeguards in place that there are now, so that’s a big thing for us,” Coffey said. “Making sure we’re getting rid of the old stuff, bringing in the new stuff that has security kind of wrapped around it from the get-go.”

In timely fashion, St. Paul city leaders along with those from the St. Paul Regional Water Services (SPRWS) held a cybersecurity workshop that included presenters from the FBI all the way to the local level.

“It is critical right now because we are seeing increased threat and harm to those systems,” Stephanie Horvath, St. Paul’s chief information security officer, said, adding: “But the good thing is, we are responding.”

The SPRWS says it provides clean drinking water to around 450,000 people — making this issue a top priority.

“We need to continuously test the systems, the training, the processes that we have in place to make sure that we’re identifying new gaps that show up and continuing to address them,” Racquel Vaske, interim general manager for the water plant, said.

There are efforts underway at the state level — the Minnesota IT Services (MNIT) agency says it’s working with the Department of Health and Pollution Control Agency to develop and implement a “cybersecurity program tailored for public water and wastewater providers.”

MNIT added the efforts are part of the state’s ‘Whole-of-State Cybersecurity Plan.‘