An anonymous reader quotes a report from KrebsOnSecurity: The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus. Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned? to let users know when their email addresses or password are leaked in data breaches. On March 14, KrebsOnSecurity published a story showing that Onerep's Belarusian CEO and founder Dimitiri Shelest launched dozens of people-search services since 2010, including a still-active data broker called Nuwber that sells background reports on people. Onerep and Shelest did not respond to requests for comment on that story.

But on March 21, Shelest released a lengthy statement wherein he admitted to maintaining an ownership stake in Nuwber, a consumer data broker he founded in 2015 -- around the same time he launched Onerep. Shelest maintained that Nuwber has "zero cross-over or information-sharing with Onerep," and said any other old domains that may be found and associated with his name are no longer being operated by him. "I get it," Shelest wrote. "My affiliation with a people search business may look odd from the outside. In truth, if I hadn't taken that initial path with a deep dive into how people search sites work, Onerep wouldn't have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I'm aiming to do better in the future." The full statement is available here (PDF).

In a statement released today, a spokesperson for Mozilla said it was moving away from Onerep as a service provider in its Monitor Plus product. "Though customer data was never at risk, the outside financial interests and activities of Onerep's CEO do not align with our values," Mozilla wrote. "We're working now to solidify a transition plan that will provide customers with a seamless experience and will continue to put their interests first." KrebsOnSecurity also reported that Shelest's email address was used circa 2010 by an affiliate of Spamit, a Russian-language organization that paid people to aggressively promote websites hawking male enhancement drugs and generic pharmaceuticals. As noted in the March 14 story, this connection was confirmed by research from multiple graduate students at my alma mater George Mason University.

Shelest denied ever being associated with Spamit. "Between 2010 and 2014, we put up some web pages and optimize them -- a widely used SEO practice -- and then ran AdSense banners on them," Shelest said, presumably referring to the dozens of people-search domains KrebsOnSecurity found were connected to his email addresses (dmitrcox@gmail.com and dmitrcox2@gmail.com). "As we progressed and learned more, we saw that a lot of the inquiries coming in were for people." Shelest also acknowledged that Onerep pays to run ads on "on a handful of data broker sites in very specific circumstances." "Our ad is served once someone has manually completed an opt-out form on their own," Shelest wrote. "The goal is to let them know that if they were exposed on that site, there may be others, and bring awareness to there being a more automated opt-out option, such as Onerep."

The U.S. Department of Transportation has announced it will conduct a review of the data practices of the country's ten largest airlines, amid concerns over potential misuse of customer information for upselling, overcharging, targeted advertising, and third-party data sales, as well as the security of systems handling sensitive data such as passport numbers. From a report: The probe will look at air carriers' policies and procedures to determine if they are safeguarding personal info properly, unfairly or deceptively monetizing it, or sharing it with third parties, the agency said yesterday. If they're indeed doing anything "problematic," they can look forward to scrutiny, fines, and new rules, says the DOT. "Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees," said US Transportation Secretary Pete Buttigieg.

"This review of airline practices is the beginning of a new initiative by DOT to ensure airlines are being good stewards of sensitive passenger data." The ten airlines going under the magnifying glass are Delta, United, American, Southwest, Alaska, JetBlue, Spirit, Frontier, Hawaiian and Allegiant.

In the shadow of a massive monument glorifying nuclear power, over 30 nations from around the world pledged to use the controversial energy source to help achieve a climate-neutral globe while providing countries with an added sense of strategic security. Associated Press: The idea of a Nuclear Energy Summit would have been unthinkable a dozen years ago after the 2011 Fukushima nuclear accident in Japan, but the tide has turned in recent years. A warming planet has made it necessary to phase out fossil fuels, while the war in Ukraine has laid bare Europe's dependence on Russian energy. "We have to do everything possible to facilitate the contribution of nuclear energy," said Rafael Grossi, the head of the International Atomic Energy Agency. "It is clear: Nuclear is there. It has an important role to play," he said.

In a solemn pledge, 34 nations, including the United States, China, France, Britain and Saudi Arabia, committed "to work to fully unlock the potential of nuclear energy by taking measures such as enabling conditions to support and competitively finance the lifetime extension of existing nuclear reactors, the construction of new nuclear power plants and the early deployment of advanced reactors." The statement adds: "We commit to support all countries, especially emerging nuclear ones, in their capacities and efforts to add nuclear energy to their energy mixes."

The guardians of the world's official geological timescale have firmly rejected a proposal to declare an Anthropocene epoch, after an epic academic row. From a report: The proposal would have designated the period from 1952 as the Anthropocene to reflect the planet-changing impact of humanity. It would have ended the Holocene epoch, the 11,700 years of stable climate since the last ice age and during which human civilisation arose. The International Union of Geological Sciences (IUGS) has announced, however, that geologists have rejected the idea in a series of votes. Those objecting noted a much longer history of human impacts on Earth, including the dawn of agriculture and the industrial revolution, and unease about including a new unit in the geological timescale with a span of less than less than a single human lifetime, it said. Most units span thousands or millions of years.

It also acknowledged: "The Anthropocene as a concept will continue to be widely used not only by Earth and environmental scientists, but also by social scientists, politicians and economists, as well as by the public at large. As such, it will remain an invaluable descriptor in human-environment interactions." The Anthropocene working group (AWG), which was formed by the Subcommission on Quaternary Stratigraphy (SQS), in turn part of the IUGS, took 15 years to develop the proposal. It concluded that the radioactive isotopes spread worldwide by hydrogen bomb tests were the best marker of humanity's transformation of the planet. Geological time units also need a specific location to typify the unit and the Crawford sinkhole lake in Canada was chosen.

An anonymous reader shares a report: On Monday, the Biden administration announced that six new countries had joined an international coalition to fight the proliferation of commercial spyware, sold by companies such as NSO Group or Intellexa. Now, some investors have announced that they too are committed to fighting spyware. But at least one of those investors, Paladin Capital Group, has previously invested in a company that developed malware, according to a leaked 2021-dated slide deck obtained by TechCrunch, although the firm tells TechCrunch it "got out" of the firm some time ago.

In the last couple of years, the U.S. government has led an effort to limit or at least restrain the use of spyware across the world by putting surveillance tech makers like NSO Group, Candiru, and Intellexa on blocklists, as well as imposing export controls on those companies and visa restrictions on people involved in the industry. More recently, the government has imposed economic sanctions not only on companies, but also directly on the executive who founded Intellexa. These actions have put others in the spyware industry on alert. In a call with reporters on Monday that TechCrunch attended, a senior Biden administration official said that a representative from Paladin participated in meetings at the White House on March 7, as well as this week in Seoul, where governments gathered for the Summit for Democracy to discuss spyware.

Paladin, one of the biggest investors in cybersecurity startups, and several other venture firms published a set of voluntary investment principles, noting that they would invest in companies that "enhance the defense, national security, and foreign policy interests of free and open societies." "For us, it was an important first step in having an investor outline both recognition that investments should not be going towards companies that are undertaking selling products, and selling to clients that can undermine free and fair societies," the senior administration official said in the call, where journalists agreed not to quote the officials by name.

Food prices and overall inflation will rise as temperatures climb with climate change, a new study by an environmental scientist and the European Central Bank found. From a report: Looking at monthly price tags of food and other goods, temperatures and other climate factors in 121 nations since 1996, researchers calculate that "weather and climate shocks" will cause the cost of food to rise 1.5 to 1.8 percentage points annually within a decade or so, even higher in already hot places like the Middle East, according to a study in Thursday's journal Communications, Earth and the Environment.

And that translates to an increase in overall inflation of 0.8 to 0.9 percentage points by 2035, just caused by climate change extreme weather, the study said. Those numbers may look small, but to banks like the U.S. Federal Reserve that fight inflation, they are significant, said study lead author Max Kotz, a climate scientist at the Potsdam Institute for Climate Impact Research in Germany. "The physical impacts of climate change are going to have a persistent effect on inflation," Kotz said. "This is really from my perspective another example of one of the ways in which climate change can undermine human welfare, economic welfare."

According to a United Nations report, humans are producing electronic waste almost five times faster than we're recycling it. "While e-waste recycling has benefits estimated to include $23 billion of monetized value from avoided greenhouse gas emissions and $28 billion of recovered materials like gold, copper, and iron, it also comes at a cost -- $10 billion associated with e-waste treatment and $78 billion of externalized costs to people and the environment," reports The Register. "Overall, this puts the net annual economic monetary cost of e-waste at $37 billion. And this is expected to reach $40 billion by 2030 if improvements in e-waste management and policies aren't made." From the report: The 2024 Global E-waste Monitor (GEM) [PDF] was prepared by the UN's International Telecommunication Union (ITU) and the UN Institute for Training and Research (UNITAR). The report reveals that annual generation of e-waste -- discarded devices with a plug or battery -- is growing at a rate of 2.6 million metric tons per year (a metric ton is equivalent to roughly 2,204.62 pounds -- all units in this story are metric) and is expected to reach 82 million tons by 2030, from 62 million tons in 2022. Those 62 million tons, the report suggests, would fill 1.55 million 40-ton trucks, which would roughly encircle the equator -- if you parked them end-to-end and paved the relevant oceans. And that's to say nothing of the economic consequences of taking so many trucks out of service and disrupting global shipping routes with an equatorial parking structure, so let's not.

Of the 62 million tons of e-waste generated globally in 2022, an estimated 13.8 million tons was documented, collected, and properly recycled. Another 16 million tons is said to have been recycled through undocumented channels in high and middle-income countries with developed waste management infrastructure. A further 18 million tons, it is estimated, was processed in low and middle-low income countries without developed e-waste management systems -- through which toxic chemicals get released. And the final 14 million tons are said to have been thrown away to end up mainly in landfills -- also not ideal.

The rate of e-waste creation and recycling varies by region. In Europe, per capita e-waste generation is 17.6 kg and recycling is 7.5 kg. In Oceania, it's 16.1 kg and 6.7 kg respectively. In the Americas, it's 14.1 kg and 4.2 kg. The annual average formal collection and recycling rate in Europe is 42.8 percent, compared to 41.4 percent in Oceania, 30 percent in the Americas, 11.8 percent in Asia, and 0.7 percent in Africa. The report calls for stronger formal e-waste management and for policy makers to make sure that initiatives to promote renewable energy don't end up undermining environmental concerns. It notes, for example, that e-waste from photovoltaic panels -- to generate solar power -- is expected to quadruple from 0.6 million tons in 2022 to 2.4 million tons in 2030.

An anonymous reader quotes a report from CNBC: UnitedHealth Group said Monday that it's paid out more than $2 billion to help health-care providers who have been affected by the cyberattack on subsidiary Change Healthcare. "We continue to make significant progress in restoring the services impacted by this cyberattack," UnitedHealth CEO Andrew Witty said in a press release. "We know this has been an enormous challenge for health care providers and we encourage any in need to contact us."

UnitedHealth disclosed nearly a month ago that a cyber threat actor breached part of Change Healthcare's information technology network. The fallout has wreaked havoc across the U.S. health-care system. Change Healthcare offers e-prescription software and tools for payment management, so the interruptions left many providers temporarily unable to fill medications or get reimbursed for their services by insurers. UnitedHealth, which provides care for 152 million people, said on Monday that it began releasing medical claims preparation software, which will be available to thousands of customers in the next several days. The company called it "an important step in the resumption of services."

On Friday, UnitedHealth said it restored Change Healthcare's electronic payments platform, after rebooting 99% of its pharmacy network services earlier this month. It also introduced a temporary funding assistance program to help health-care providers experiencing cash flow trouble because of the attack. UnitedHealth said the advances will not need to be repaid until claims flows return to normal. Federal agencies like the Centers for Medicare & Medicaid Services have introduced additional options to ensure that states and other stakeholders can make interim payments to providers, according to a release.

Longtime Slashdot reader jgulla shares an announcement from Redis: Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD). The new source-available licenses allow us to sustainably provide permissive use of our source code.

We're leading Redis into its next phase of development as a real-time data platform with a unified set of clients, tools, and core Redis product offerings. The Redis source code will continue to be freely available to developers, customers, and partners through Redis Community Edition. Future Redis source-available releases will unify core Redis with Redis Stack, including search, JSON, vector, probabilistic, and time-series data models in one free, easy-to-use package as downloadable software. This will allow anyone to easily use Redis across a variety of contexts, including as a high-performance key/value and document store, a powerful query engine, and a low-latency vector database powering generative AI applications. [...]

Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code. These agreements will underpin support for existing integrated solutions and provide full access to forthcoming Redis innovations. In practice, nothing changes for the Redis developer community who will continue to enjoy permissive licensing under the dual license. At the same time, all the Redis client libraries under the responsibility of Redis will remain open source licensed. Redis will continue to support its vast partner ecosystem -- including managed service providers and system integrators -- with exclusive access to all future releases, updates, and features developed and delivered by Redis through its Partner Program. There is no change for existing Redis Enterprise customers.

The Coalition for App Fairness, an industry body that represents Epic, Spotify, Match Group and Proton among others, issued the following statement following the U.S. announcing it had sued Apple: "With today's announcement, the Department of Justice is taking a strong stand against Apple's stranglehold over the mobile app ecosystem, which stifles competition and hurts American consumers and developers alike. The DOJ complaint details Apple's long history of illegal conduct -- abusing their App Store guidelines and developer agreements to increase prices, extract exorbitant fees, degrade user experiences, and choke off competition. The DOJ joins regulators around the world, who have recognized the many harms of Apple's abusive behavior and are working to address it. As this case unfolds in the coming years more must be done now to end the anticompetitive practices of all mobile app gatekeepers. It remains imperative that Congress pass bipartisan legislation, like the Open App Markets Act, to create a free and open mobile app marketplace." Further reading: Apple Loses $115 Billion in Market Value as Regulators Close In.

theodp writes: "Last year," Ian Bogost writes in Universities Have a Computer-Science Problem, "18 percent of Stanford University seniors graduated with a degree in computer science, more than double the proportion of just a decade earlier. Over the same period at MIT, that rate went up from 23 percent to 42 percent. These increases are common everywhere: The average number of undergraduate CS majors at universities in the U.S. and Canada tripled in the decade after 2005, and it keeps growing. Students' interest in CS is intellectual -- culture moves through computation these days -- but it is also professional. Young people hope to access the wealth, power, and influence of the technology sector. That ambition has created both enormous administrative strain and a competition for prestige."

"Another approach has gained in popularity," Bogost notes. "Universities are consolidating the formal study of CS into a new administrative structure: the college of computing. [...] When they elevate computing to the status of a college, with departments and a budget, they are declaring it a higher-order domain of knowledge and practice, akin to law or engineering. That decision will inform a fundamental question: whether computing ought to be seen as a superfield that lords over all others, or just a servant of other domains, subordinated to their interests and control. This is, by no happenstance, also the basic question about computing in our society writ large."

Bogost concludes: "I used to think computing education might be stuck in a nesting-doll version of the engineer's fallacy, in which CS departments have been asked to train more software engineers without considering whether more software engineers are really what the world needs. Now I worry that they have a bigger problem to address: how to make computer people care about everything else as much as they care about computers.

The Justice Department sued Apple on Thursday, alleging the tech giant blocked software developers and mobile gaming companies from offering better options on the iPhone, resulting in higher prices for consumers. WSJ: The government's antitrust complaint, filed in a New Jersey federal court, alleges Apple used its control of the iPhone to prevent competitors from offering innovative services such as digital wallets and limited the functionality of hardware products that compete with Apple's own devices. The suit also claims that Apple makes it difficult for users to switch to devices that don't use Apple's operating system, such as Android smartphones.

"Consumers should not have to pay higher prices because companies violate the antitrust laws," Attorney General Merrick Garland said in a statement. Apple said it plans to vigorously defend against the lawsuit. "This lawsuit threatens who we are and the principles that set Apple products apart in fiercely competitive markets," an Apple spokesman said in a statement. "If successful, it would hinder our ability to create the kind of technology people expect from Apple -- where hardware, software, and services intersect." The case against Apple is the last shoe to drop on the big four tech giants by U.S. antitrust officials.

prisoninmate shares a report from 9to5Linux: Dubbed "Kathmandu" after the host city of the GNOME.Asia 2023 conference in Kathmandu, Nepal, the GNOME 46 desktop environment is here to introduce major new features like headless remote desktop support that lets you connect to your GNOME system remotely without there being an existing session. While experimental, Variable Refresh Rate (VRR) support is another major new feature in GNOME 46, which will allow you to change the variable refresh rate of your monitor from the GNOME Settings app in the Displays section. Talking about GNOME Settings, the GNOME 46 release brings a new System panel that incorporates the Region, Language, Date, Time, Users, Remote Desktop, and About panels, as well as new Secure Shell settings. Check out the release notes and the official release video here.

GNOME 46 will be available shortly in many distributions, such as Fedora 40 and Ubuntu 24.04. You can try it today by looking for a beta release here.

sinij shares a report from the New York Post: The Biden administration finalized its crackdown on gas cars Wednesday, with the Environmental Protection Agency announcing drastic climate regulations meant to ensure more than two-thirds of passenger cars and light trucks sold by 2032 are electric or hybrid vehicles. The EPA rule imposes strict limits on tailpipe pollution, limits the agency says can be met if 56% of new vehicles sold in the US are electric by eight years from now, along with 13% that are plug-in hybrids or other partially electric cars. That would be a huge increase over current EV sales, which rose to 7.6% of new vehicle sales last year, up from 5.8% in 2022. [...] The new rule slows implementation of stricter pollution standards from 2027 through 2029, before ramping up to near the level the EPA preferred by 2032. "Personal car ownership is about to get A LOT more expensive as it will have to carry the costs of deep discounts to entice EV sales," adds Slashdot reader sinij.

mrspoonsi shares a report from the BBC: A former takeaway worker found with Bitcoin worth more than $2.5 billion has been convicted at Southwark Crown Court of a crime linked to money laundering. Jian Wen, 42, from Hendon in north London, was involved in converting the currency into assets including multi-million-pound houses and jewelry. On Monday she was convicted of entering into or becoming concerned in a money laundering arrangement. The Met said the seizure is the largest of its kind in the UK.

Although Wen was living in a flat above a Chinese restaurant in Leeds when she became involved in the criminal activity, her new lifestyle saw her move into a six-bedroom house in north London in 2017 which was rented for more than $21,000 per month. She posed as an employee of an international jewelry business and moved her son to the UK to attend private school, the Crown Prosecution Service (CPS) said. That same year, Wen tried to buy a string of expensive houses in London, but struggled to pass money-laundering checks and her claims she had earned millions legitimately mining Bitcoin were not believed. She later travelled abroad, buying jewelry worth tens of thousands of pounds in Zurich, and purchasing properties in Dubai in 2019.

Another suspect is thought to be behind the fraud but they remain at large. The Met said it carried out a large scale investigation as part of the case - searching several addresses, reviewing 48 electronic devices, and examining thousands of digital files including many which were translated from Mandarin. The CPS has obtained a freezing order from the High Court, while it carries out a civil recovery investigation that could lead to the forfeiture of the Bitcoin. The value of the Bitcoin was worth around $2.5 billion at the time of initial estimates -- but due to the fluctuation in the currency's value, it has since increased to around $4.3 billion.

After securing billions in federal grants and loans, Reuters reports that the company is "planning a $100-billion spending spree across four U.S. states" to build and expand its chip manufacturing factories. From the report: The centerpiece of Intel's five-year spending plan is turning empty fields near Columbus, Ohio, into what CEO Pat Gelsinger described to reporters on Tuesday as "the largest AI chip manufacturing site in the world," starting as soon as 2027. Intel's plan will also involve revamping sites in New Mexico and Oregon and expanding operations in Arizona, where longtime rival Taiwan Semiconductor Manufacturing Co is also building a massive factory that it hopes will receive funding from President Joe Biden's push to bring advanced semiconductor manufacturing back to the United States. [...]

Gelsinger said about 30% of the $100-billion plan will be spent on construction costs such as labor, piping and concrete. The remaining will go towards buying chipmaking tools from firms such as ASML, Tokyo Electron, Applied Materials and KLA, among others. Those tools will help bring the Ohio site online by 2027 or 2028, though Gelsinger warned the timeline could slip if the chip market takes a dive. Beyond grants and loans, Intel plans to make most of the purchases from its existing cash flows.

"It will still take three to five years for Intel to become a serious player in the foundry market" for cutting-edge chips, said Kinngai Chan, an analyst at Summit Insights. However, he warned more investment would be needed before Intel could overtake TSMC, adding that the Taiwanese firm could remain the leader for "some time to come." Gelsinger has previously said a second round of U.S. funding for chip factories would likely be needed to re-establish the U.S. as a leader in semiconductor manufacturing, which he reiterated on Tuesday. "It took us three-plus decades to lose this industry. It's not going to come back in three to five years of CHIPS Act" funding, said Gelsinger, who referred to the low-interest-rate funding as "smart capital."

Major U.S. broadband internet providers must start displaying information similar to nutrition labels on food products to help consumers shop for services starting on April 10, under new rules from the Federal Communications Commission. From a report: Verizon Communications said it will begin providing the labels on Wednesday. The FCC first moved to mandate the labels in 2022. Smaller providers will be required to provide labels starting in October. The rules require broadband providers to display, at the point of sale, labels that show prices, speeds, fees and data allowances for both wireless and wired products. Verizon Chief Customer Experience Officer Brian Higgins said in an interview the labels will help consumers make "an equal comparison" between product offerings, speeds and fees.

Higgins said standardized labels across the industry "make it easier for customers to do a comparison of which provider is going to be the best fit for their needs." He said customers will still need to research various bundling offers across carriers. The labels were first unveiled as a voluntary program in 2016. Congress ordered the FCC to mandate them under the 2021 infrastructure law. "Consumers will finally get information they can use to comparison shop, avoid junk fees, and make informed choices about which high-speed internet service is the best fit for their needs and budget," FCC Chair Jessica Rosenworcel said.

The abstract of a new paper published on Journal of Financial Economics: We study aggregate lapsation risk in the life insurance sector. We construct two lapsation risk factors that explain a large fraction of the common variation in lapse rates of the 30 largest life insurance companies. The first is a cyclical factor that is positively correlated with credit spreads and unemployment, while the second factor is a trend factor that correlates with the level of interest rates. Using a novel policy-level database from a large life insurer, we examine the heterogeneity in risk factor exposures based on policy and policyholder characteristics.

Young policyholders with higher health risk in low-income areas are more likely to lapse their policies during economic downturns. We explore the implications for hedging and valuation of life insurance contracts. Ignoring aggregate lapsation risk results in mispricing of life insurance policies. The calibrated model points to overpricing on average. In the cross-section, young, low-income, and high-health risk households face higher effective mark-ups than the old, high-income, and healthy.

The White House said Wednesday Intel has been awarded up to $8.5 billion in CHIPS Act funding, as the Biden administration ramps up its effort to bring semiconductor manufacturing to U.S. soil. From a report: Intel could receive an additional $11 billion in loans from the CHIPS and Science Act, which was passed in 2022. The awards will be announced by President Joe Biden in Arizona on Wednesday. The money will help "leading-edge semiconductors made in the United States" keep "America in the driver's seat of innovation," U.S. Secretary of Commerce Gina Raimondo said on a call with reporters. Intel and the White House said their agreement is nonbinding and preliminary and could change.

Intel has long been a stalwart of the U.S. semiconductor industry, developing chips that power many of the world's PCs and data center servers. However, the company has been eclipsed in revenue by Nvidia, which leads in artificial intelligence chips, and has been surpassed in market cap by rival AMD and mobile phone chipmaker Qualcomm.

An anonymous reader quotes a report from Ars Technica: The Biden administration on Tuesday warned the nation's governors that drinking water and wastewater utilities in their states are facing "disabling cyberattacks" by hostile foreign nations that are targeting mission-critical plant operations. "Disabling cyberattacks are striking water and wastewater systems throughout the United States," Jake Sullivan, assistant to the President for National Security Affairs, and Michael S. Regan, administrator of the Environmental Protection Agency, wrote in a letter. "These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities." [...]

"Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices," Sullivan and Regan wrote in Tuesday's letter. They went on to urge all water facilities to follow basic security measures such as resetting default passwords and keeping software updated. They linked to this list of additional actions, published by CISA and guidance and tools jointly provided by CISA and the EPA. They went on to provide a list of cybersecurity resources available from private sector companies.

The letter extended an invitation for secretaries of each state's governor to attend a meeting to discuss better securing the water sector's critical infrastructure. It also announced that the EPA is forming a Water Sector Cybersecurity Task Force to identify vulnerabilities in water systems. The virtual meeting will take place on Thursday. "EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems," Regan said in a separate statement.