Tag: Kim Bellard

Tiny Is Mighty

By KIM BELLARD

I am a fanboy for AI; I don’t really understand the technical aspects, but I sure am excited about its potential. I’m also a sucker for a catchy phrase. So when I (belatedly) learned about TinyAI, I was hooked.  

Now, as it turns out, TinyAI (also known as Tiny AI) has been around for a few years, but with the general surge of interest in AI it is now getting more attention. There is also TinyML and Edge AI, the distinctions between which I won’t attempt to parse. The point is, AI doesn’t have to involve huge datasets run on massive servers somewhere in the cloud; it can happen on about as small a device as you care to imagine. And that’s pretty exciting.

What caught my eye was an overview in Cell by Farid Nakhle, a professor at Temple University, Japan Campus: Shrinking the Giants: Paving the Way for TinyAI. “Transitioning from the landscape of large artificial intelligence (AI) models to the realm of edge computing, which finds its niche in pocket-sized devices, heralds a remarkable evolution in technological capabilities,” Professor Nakhle begins.

AI’s many successes, he believes, “…are demanding a leap in its capabilities, calling for a paradigm shift in the research landscape, from centralized cloud computing architectures to decentralized and edge-centric frameworks, where data can be processed on edge devices near to where they are being generated.” The demands for real time processing, reduced latency, and enhanced privacy make TinyAI attractive.

Accordingly: “This necessitates TinyAI, here defined as the compression and acceleration of existing AI models or the design of novel, small, yet effective AI architectures and the development of dedicated AI-accelerating hardware to seamlessly ensure their efficient deployment and operation on edge devices.”

Professor Nakhle gives an overview of those compression and acceleration techniques, as well as architecture and hardware designs, all of which I’ll leave as an exercise for the interested reader.  

If all this sounds futuristic, here are some current examples of TinyAI models:

  • This summer Google launched Gemma 2 2B, a 2 billion parameter model that it claims outperforms OpenAI’s GPT 3.5 and Mistral AI’s Mixtral 8X7B. VentureBeat opined: “Gemma 2 2B’s success suggests that sophisticated training techniques, efficient architectures, and high-quality datasets can compensate for raw parameter count.”
  • Also this summer OpenAI introduced GPT-4o mini, “our most cost-efficient small model.” It “supports text and vision in the API, with support for text, image, video and audio inputs and outputs coming in the future.”
  • Salesforce recently introduced its xLAM-1B model, which it likes to call the “Tiny Giant.” It supposedly only has 1b parameters, yet Marc Benioff claims it outperforms models 7x its size and boldly says: “On-device agentic AI is here.”
  • This spring Microsoft launched Phi-3 Mini, a 3.8 billion parameter model, which is small enough for a smartphone. It claims to compare well to GPT 3.5 as well as Meta’s Llama 3.
  • H2O.ai offers Danube 2, a 1.8 b parameter model that Alan Simon of Hackernoon calls the most accurate of the open source, tiny LLM models.   

A few billion parameters may not sound so “tiny,” but keep in mind that other AI models may have trillions.

It’s in the Blood

By KIM BELLARD

People are fascinated by blood. Well, it would seem so, given our fondness for vampires, gory movies, and true crime stories. I’m not so keen on any of those, but I was struck by several recent developments about how blood tests can help diagnose medical problems faster, more definitively, and less invasively.

Because, really, shouldn’t that be what our healthcare system always should strive for?

Take concussions. If you are a football fan, you’re very familiar with how subjective it can seem to decide whether a player has suffered a concussion. Football players are not the only ones. Millions of people suffer concussions each year – the vast majority of whom are not athletes – and more than half never get it evaluated.

In April Abbott received FDA approval for a rapid blood test, producing results in 15 minutes. It can be done at a patient’s bedside, and does not require a lab. “Clinicians have needed an objective way to assess patients with concussions,” said Beth McQuiston, M.D., medical director in Abbott’s diagnostics business. “When you look at all the other diseases, or other organs in the body, they all have blood tests to help assess what’s happening. Now, we have a whole blood test that can help assess the brain right at the patient’s bedside – expanding access to more health providers and therefore patients.”

Expect to see Abbott’s i-STAT TBI cartridge and portable i-STAT® Alinity® instrument in emergency rooms, not to mention on NFL sidelines.

Or Alzheimer’s disease. Many realize that it has historically been very difficult to diagnose, often not definitively until after death. Now a new study suggests a blood test can accurately diagnose it 90% of the time, which is much higher than even neurologists can do. The test is more accurate the later the stage of Alzheimer’s a person has.

Specifically, it measures “the ratio of plasma phosphorylated tau 217 (p-tau217) relative to non–p-tau217 (expressed as percentage of p-tau217) combined with the amyloid-β 42 and amyloid-β 40 plasma ratio (the amyloid probability score 2 [APS2]).” Got that?

“We’d love to have a blood test that can be used in a primary care physician’s office, functioning like a cholesterol test but for Alzheimer’s,” Dr. Maria Carrillo, chief science officer of the Alzheimer’s Association, told CNN. “The p-tau217 blood test is turning out to be the most specific for Alzheimer’s and the one with the most validity. It seems to be the front-runner.”

It’s not quite ready for use in your doctor’s office, though. “Right now, we don’t have guidelines for the use of these tests,” Dr. Eliezer Masliah, director of the division of neuroscience at the National Institute on Aging, warned NPR. Dr. Suzanne Schindler, an associate professor of neurology at Washington University School of Medicine in St. Louis, added: “Blood tests have developed incredibly fast for Alzheimer disease and I think [doctors] aren’t used to that rate of change.”

“The field is moving at a pace I never imagined 10 years ago,” Dr. Heather Whitson, a professor of medicine at Duke University, marveled to NPR.

We’re increasingly seeing FDA approved drug treatments for Alzheimer’s, so it’d be nice if we had FDA approved blood tests to more accurately use them. 

Last but not least, there’s colorectal cancer (CRC). The FDA recently approved Guardant Health’s Shield™ blood test for colorectal cancer screening, and it is the first such blood test approved by the FDA as a primary screening option. A Guardant study found that it identified 87% of cancers that were at an early and curable stage, although it does less well at finding precancerous growths. The test is aimed at adults 45 and older who are at average risk.

It’s not so much that it is better than colonoscopies – it’s not — as it is that it should be easier to convince people to use. Despite the fact that CRC kills over 50,000 Americans annually, more than a third of older Americans are not getting screened. Even worse, more than three-fourths of those who die from CRC are not up-to-date with their screening.

“The persistent gap in colorectal cancer screening rates shows that the existing screening options do not appeal to millions of people,” said Daniel Chung, MD, gastroenterologist at Massachusetts General Hospital and Professor of Medicine at Harvard Medical School. “The FDA’s approval of the Shield blood test marks a tremendous leap forward, offering a compelling new solution to close this gap.”

Dr. Sapna Syngal, director of strategic planning for prevention and early cancer detection at the Dana-Farber Cancer Center in Boston, agrees, telling NBC News: “If this test increases the number of people getting screened, it’s going to have a huge impact.”

The test is on the market now, and Guardant expects approval for coverage by Medicare and commercial insurance.

Most of us are used to getting routine blood tests for things like blood counts or cholesterol levels, so it’s exciting that blood tests are starting to be used for other important health issues.

————–

Blood tests are all well and good, but they’re not (yet) the kind of test you’d routinely expect to use at home on your own. ARPA-H has even bigger aspirations. It just announced the Platform Optimizing SynBio for Early Intervention and Detection in Oncology (POSEIDON) program, the goal of which is “to develop first-in-class, at-home, synthetic Multi-Cancer-Early Detection (MCED) tests for the most sensitive and specific stage I detection of 30+ solid tumors* using only breath and/or urine samples.”

No blood draw or lab tech needed, just breath or urine samples done yourself at home. That’s something to shoot for.

“Access to a low-cost cancer screening test that does not need a lab test is so critical to preventing late-stage diagnoses, increasing survival rates, and reducing high treatment costs,” said ARPA-H Director Renee Wegrzyn, Ph.D. “With POSEIDON, we could put the power of cancer screening into homes in the U.S. and around the world.” 

“But what if any adult could, at their discretion, take an at-home test that could detect Stage I cancer? POSEIDON aims to create a future in which any adult can take a simple, over-the-counter test to screen for and detect 30+ cancers at Stage I, when they are still localized, to drastically improve the chances of curative treatment and survival,” said Ross Uhrich, DMD, MBA, ARPA-H POSEIDON’s Program Manager.

“But what if…” indeed.  ARPA-H is thinking big — as it should. And as should we all.

Kim is a former emarketing exec at a major Blues plan, editor of the late & lamented Tincture.io, and now regular THCB contributor

No, Health Care Is NOT Brat

By KIM BELLARD

Until last week, I thought “brat” referred to an obnoxious child. I was vaguely aware of Charli XCX, but I wasn’t aware that earlier this summer she’d dropped a new album with that name, or that the cultural zeitgeist subsequently declared this to be Brat Summer. Then last weekend in the space of a day, Joe Biden dropped out of the Presidential race, Vice President Harris became the presumptive Democratic presidential nominee, and Charli XCX tweeted “kamala IS brat.”

V.P. Harris’s campaign exploded. Most of us had kind of been dreading the campaign between two eighty-year-old white guys, and then suddenly we had a mixed heritage woman as a candidate, who even at 59 seemed positively youthful by comparison. And brat to boot!

It’s been hilarious to watch people like Stephen Colbert or Jake Tapper try to explain brat to their viewers. Charli XCX herself described it on TikTok as:

That girl who is a little messy and likes to party, and maybe says dumb things sometimes, who feels herself but then also maybe has a breakdown but parties through it. It’s very honest; it’s very blunt—a little bit volatile, does dumb things, but, like, it’s brat. You’re brat. That’s brat.

It’s been taken much further than that, of course. An article in The Guardian described it: “Because, as we all know by now, brat – inspired by Charli’s most recent album – is more than a name, it’s a lifestyle. It is noughties excess, rave culture. It’s “a pack of cigs, a Bic lighter, a strappy white top with no bra”. It’s quintessentially cool.” Shirley Li, in The Atlantic, opined: “The essence of “brat” is not defining people as such; it’s being simultaneously provocative and vulnerable.”

But, more to the point, Xochitl Gonzalez, also writing in The Atlantic, made clear how we should think about brat: “If you don’t know what that means, it doesn’t matter.” After all, if you’re not in on the joke, you are the joke.

The Harris campaign is all in on the joke. It fully embraced the appellation, even changing its campaign logo on social media to the easily identifiable lime green of the Brat album cover. The KHive is busy creating memes, posting TikTok clips, and filling the world with coconut emojis (long story). Some have claimed that brat summer is already over, but maybe not so fast.

Whether it is the brat effect or simply a honeymoon period for Ms. Harris, her favorability and enthusiasm ratings have soared, and the Presidential race polls again show a dead heat, after President Biden’s polls had tanked following his disastrous debate performance earlier this month. The simple fact that the Dems have a candidate who can become a cultural meme, in a good way, feels refreshing, especially in a campaign that heretofore had evoked more dread and resignation than enthusiasm.

I wish healthcare was brat.

Vote, for Health Sake

By KIM BELLARD

If you had on your political bingo card that our former President Trump would survive an assassination attempt, or that President Biden would drop out of the race a few weeks before being renominated for 2024, then you’re playing a more advanced game than I was (on the other hand, the chances that Trump would get convicted of felonies or that Biden would have a bad debate almost seemed inevitable). If we thought 2020 was the most consequential election of our lifetimes, then fasten your seat belt, because 2024 is already proving to be a bumpier ride, with more shocks undoubtedly to come.

I don’t normally write about politics, but a recent report from the Commonwealth Fund serves as a reminder: it does matter who you vote for. It is literally a matter of life and death.

The report is the 2024 State Scorecard on Women’s Health and Reproductive Care. Long story short: “Women’s health is in a perilous place.” Lead author Sara Collins added: “Women’s health is in a very fragile place. Our health system is failing women of reproductive age, especially women of color and low-income women.”

The report’s findings are chilling:

Using the latest available data, the scorecard findings show significant disparities between states in reproductive care and women’s health, as well as deepening racial and ethnic gaps in health outcomes, with stark inequities in avoidable deaths and access to essential health services. The findings suggest these gaps could widen further, especially for women of color and those with low incomes in states with restricted access to comprehensive reproductive health care.

“We found a threefold difference across states with the highest rates of death concentrated in the southeastern states,” David Radley, Ph.D., MPH, the fund’s senior scientist of tracking health system performance, said in a news conference last week. “We also saw big differences across states in women’s ability to access care.”

Joseph R. Betancourt, M.D., Commonwealth Fund President, said: “Where you live matters to your health and healthcare. This is having a disproportionate effect on women of color and women with low incomes.” Dr. Jonas Swartz, assistant professor of obstetrics and gynecology at Duke Health in Durham, North Carolina agreed, telling NBC News: “Your zip code shouldn’t dictate your reproductive health destiny. But that is the reality.”

The study evaluated a variety of health outcomes, including all-cause mortality, maternal and infant mortality, preterm birth rates, syphilis among women of reproductive age, infants born with congenital syphilis, self-reported health status, postpartum depression, breast and cervical cancer deaths, poor mental health, and intimate partner violence. To measure coverage, access, and affordability, it looked at insurance coverage, usual source of care, cost-related problems getting health care, and system capacity for reproductive health services.

There are, as you can imagine, charts galore.

The lowest performing states – and I doubt these will be a surprise to anyone — were Mississippi, Texas, Nevada, and Oklahoma. The highest rated states were Massachusetts, Vermont, and Rhode Island.

Google Hopes Nobody Beats This Wiz

By KIM BELLARD

When I saw the Wall Street Journal article about Alphabet being in “advanced talks” to buy cybersecurity firm Wiz for an eye-popping $23b, I must confess that – never having previously heard of the company – my thoughts flashed back to the Seinfeld episode (“The Junk Mail”) where Elaine dates a man whose job turns out to be an outlandish mascot for electronics store The Wiz, whose motto he gleefully repeats: “Nobody beats The Wiz!”  That firm is long gone but this Wiz is alive and well, enough so that the acquisition would be Alphabet’s largest ever.

Wiz was founded only in 2020, by four ex-Israeli military officers (they reportedly all originally worked together at Israel’s equivalent of the NSA). They had previously founded cloud cybersecurity firm Adallom in 2012, which they sold to Microsoft in 2015 for its Azure cloud computing firm. Wiz also specializes in cloud cybersecurity, and, according to WSJ, its clients include 40% of the Fortune 500 companies, including Barclays, Mars, Morgan Stanley, and Slack. Other notable customers include BMW, DocuSign, EA, and Salesforce.

Pretty impressive for a four-year-old start-up.

Alphabet’s cloud business – Google Cloud Platform (GCP) — badly trails leaders AWS (Amazon) and Azure (Microsoft), although last year GCP’s revenues rose 26% and it recorded its first operating profit. Its Q1 2024 revenue was up 28%. By the way, Wiz lists both AWS and Azure as partners, along with GCP, Oracle Cloud Infrastructure, VMware, and Alibaba Cloud.

Alphabet had bought security company Mandiant two years ago for $5.4b, as well as Siemplify, another Israeli cloud cybersecurity company, that same year, and evidently sees these acquisitions as a way to bolster its cloud business.

For some perspective, just this past May Wiz raised $1b in a funding round that gave it a $12b valuation. Its annual recurring revenues are estimated at $500 million, so Alphabet’s offer is a 46 multiplier. By contrast, WSJ notes that competitor CrowdStrike has a market capitalization that is 25 times annual recurring revenues. “This could be one of the largest and fastest returns ever for a private security company in tech history,” Alex Clayton, a general partner at Meritech Capital, told WSJ.

“There are two advantages of Google acquiring Wiz,” Ray Wang, principal analyst and founder of Constellation Research, told CSO. “One, cloud security is hot and allows Google to cut into AWS and Azure clients, and two, having Wiz would give them some consistently large workloads to monetize.”

If you’re wondering why cloud security is hot, I need only mention AT&T, which recently disclosed that the records of “nearly all” of its cellular customers had been breached. Well, those records came from its cloud provider Snowflake — and that was not the first time Snowflake has been attacked and possibly breached. Azure has also suffered some serious breaches, and has been accused of a “repeated pattern of negligent cybersecurity practices.” AWS has had its share of data breaches as well.

So, yeah, a cloud service better have good cybersecurity.

Health Care Needs a 21st Century Infrastructure

By KIM BELLARD

Matthew Holt is going to tell me I’ve been thinking about infrastructure too much lately (e.g., cybersecurity of them, backup plans for them), but if you don’t have infrastructure right, you don’t have anything right.

And healthcare most definitely does not have its infrastructure right.

We’re spending between 15-30% of our healthcare dollar on administration, and no one views our healthcare system as efficient or even particularly effective. We have numerous intermediaries like PBMs, billing services, revenue cycle management vendors, and all sorts of digital health solutions. There are layers upon layers upon layers, each adding its costs and complications.

In some ways, healthcare’s infrastructure has changed remarkably in the last two to three decades. Most transactions – e.g., claims or eligibility – are sent, and often processed, electronically. Most physicians, hospitals, and other health care clinicians/organizations have electronic health records. You can find out the expected cost for prescription drugs at point-of-sale. You can do a virtual visit with your doctor. There are vast amounts of health information available online. AI is coming to health care, and, in some cases, is already here.

But: we’re still sending faxes. We’re still filling out paper forms, repeatedly. We still make innumerable phone calls, usually spending long waits in queue. Everyone hates provider directories, which are never up-to-date and often inaccurate. Talk of interoperability notwithstanding, there are far too many data silos, leading at best to us lugging around disks with our downloaded records and at worst to physicians acting with incomplete information for us. Healthcare has had far too many data breaches, and cyberattacks have held patient data hostage (e.g., Ascension) or put a halt to those electronic transactions (e.g., Change Healthcare). And we’re not at all sure how to govern AI.

The amount of medical literature has been growing exponentially for decades, and the volume of health care data is growing much, much faster. Physicians once guarded health information like the guild they are, but the Internet has democratized health information – while doing the same for misinformation. If anything, we have too much information; we just can’t use it as effectively as we should (e.g., it can take 17 years for evidence to change physician practice).

This is an infrastructure that is not coping well with the 21st century.

Where Are Health Care’s Value Meals?

By KIM BELLARD

If you’re anything like me, you’ve noticed that food costs have been increasing. Whether it is food from the grocery or at a restaurant, the bill can be eye-opening compared to a few years ago. Blame the pandemic, blame corporate greed, blame the President – take your pick. But the bottom line is, you have to eat. You can buy lower priced options, you can go out less often, you can skimp on non-food spending, but you’re going to buy food. The other thing you can do is to complain.

Well, the fast food industry, for one, is listening to those complaints, and many leading fast food companies have launched a variety of “value meals” to reduce the pain consumers feel. Evidently they are still capable of feeling shame, or at least of recognizing that consumers have choices.

I just wish the healthcare industry was capable of doing the same.

Let’s be clear: the fast food industry has brought this on themselves. The Wall Street Journal reports that prices of food eaten away from home rose 30% since 2019, according to Labor Department statistics, and that prices for a Big Mac increased 21% over the same period. McNugget meals were up 28% over the same period.

McDonald’s recognized the problem. It announced a $5 meal bundle in mid-May, targeting a June 25 launch date. For those of you craving a McD’s fix, the deal includes McDouble or McChicken sandwich, small fries, small soft drink and a four-piece Chicken McNuggets. “I’ve been in our restaurants. I’ve sat in focus groups,” Erlinger said on the Today show, touting the new deals.

It didn’t take long for other fast food chains to offer their own version. KFC introduced its $4.99 value menu back in April, even before McDonald’s announcement. Wendy’s has a $3 breakfast deal, Burger King has a $5 Your Way Meal, Taco Bell has something it calls a Luxe Craving Box for $7, Starbucks has a new Pairing Menu priced between $5-$7, Jack in the Box has a $4 munchies Meal, and Sonic now offers a $1.99 menu it calls “Fun.99,” which it says will be permanent, not a time limited promotion. I’m sure there are others.

“It still holds true that imitation is the sincerest form of flattery,” Burger King North American president Tom Curtis said in a May email to restaurant operators. “We know the competition is doing that. So we will be in that game,” Jack in the Box Chief Executive Darin Harris said.

Lest anyone be worried about hurting the fast food companies’ margins, R.J. Hottovy, head of analytical research at Placer.ai, told Yahoo Finance: “It really comes down to … repeat visits after the fact. You’re not making money on the value menu. You’re making menu money on the other products, the more premium products, the dessert products, the beverage products that go along with that.”

Health care is like food in that almost anywhere you go you can probably find it. There are fast food restaurants seemingly on every corner, but there also are drugstores and doctors’ offices somewhere near those fast food restaurants. Health care may not quite be omnipresent, but it’s pretty present.

Unlike food, you may not need health care every day — but you are going to need it at some point. It may be a simple visit, it may be a pill a day for a few days, but it could be a mind-boggling array of tests, medications and procedures you never imagined or lifelong care.

In a fast food restaurant, you look at the menu, pick what you want and how much you are willing to pay, but with health care you don’t have such a menu. Someone else is usually telling you what you need and dictating how much you’ll pay for it. After numerous “price transparency” efforts in these last few years, you might be able to find some set of prices, but if anyone has ever successfully been able to use them for anything other than the simplest of interactions, I’d like to know about it.

Batteries All Around

By KIM BELLARD

Quick question: how many batteries do you have? Chances are, the answer is way bigger than you think. They’re in your devices (e.g., smartphones, tablets, laptops, ear buds), they’re throughout your house (e.g., clocks, smoke detectors), they’re in your car (even if you don’t have an EV), and they may even be in you. We usually only think about them when they need recharging, or when they catch fire. They can be an environmental nightmare if not recycled, and recycling lithium-ion batteries is still problematic.  

So I was intrigued to read about some efforts to rethink what a battery is.

Let’s start with some work done by Swedish tech company Sinonus, a spinout of Chalmers University of Technology and KTH Royal Institute of Technology. The company is all about carbon fiber; more specifically, integrating structural strength and storing energy.

It seeks to make things multipurpose: “Just think of your smartphone, today it seems farfetched to use a single purpose phone, camera and mp3 player when you can have them all in one. In the same way we can transform single purpose materials, such as structure materials and batteries, through our multipurpose carbon fiber composite solution.” 

Or, as TechRadar put it, “how the laptop could become the battery.”

Who Needs Humans, Anyway?

By KIM BELLARD

Imagine my excitement when I saw the headline: “Robot doctors at world’s first AI hospital can treat 3,000 a day.” Finally, I thought – now we’re getting somewhere. I must admit that my enthusiasm was somewhat tempered to find that the patients were virtual. But, still.

The article was in Interesting Engineering, and it largely covered the source story in Global Times, which interviewed the research team leader Yang Liu, a professor at China’s Tsinghua University, where he is executive dean of Institute for AI Industry Research (AIR) and associate dean of the Department of Computer Science and Technology. The professor and his team just published a paper detailing their efforts.  

The paper describes what they did: “we introduce a simulacrum of hospital called Agent Hospital that simulates the entire process of treating illness. All patients, nurses, and doctors are autonomous agents powered by large language models (LLMs).” They modestly note: “To the best of our knowledge, this is the first simulacrum of hospital, which comprehensively reflects the entire medical process with excellent scalability, making it a valuable platform for the study of medical LLMs/agents.”

In essence, “Resident Agents” randomly contract a disease, seek care at the Agent Hospital, where they are triaged and treated by Medical Professional Agents, who include 14 doctors and 4 nurses (that’s how you can tell this is only a simulacrum; in the real world, you’d be lucky to have 4 doctors and 14 nurses). The goal “is to enable a doctor agent to learn how to treat illness within the simulacrum.”

The Agent Hospital has been compared to the AI town developed at Stanford last year, which had 25 virtual residents living and socializing with each other. “We’ve demonstrated the ability to create general computational agents that can behave like humans in an open setting,” said Joon Sung Park, one of the creators. The Tsinghua researchers have created a “hospital town.”

Gosh, a healthcare system with no humans involved. It can’t be any worse than the human one. Then, again, let me know when the researchers include AI insurance company agents in the simulacrum; I want to see what bickering ensues.

Your Water, or Your Life

By KIM BELLARD

Matthew Holt, publisher of The Health Care Blog, thinks I worry too much about too many things. He’s probably right. But here’s one worry I’d be remiss in not alerting people to: your water supply is not as safe – not nearly as safe – as you probably assume it is.

I’m not talking about the danger of lead pipes. I’m not even talking about the danger of microplastics in your water. I’ve warned about both of those before (and I’m still worried about them). No, I’m worried we’re not taking the danger of cyberattacks against our water systems seriously enough.

A week ago the EPA issued an enforcement alert about cybersecurity vulnerabilities and threats to community drinking water systems. This was a day after EPA head Michael Regan and National Security Advisor Jake Sullivan sent a letter to all U.S. governors warning them of “disabling cyberattacks” on water and wastewater systems and urging them to cooperate in safeguarding those infrastructures.

“Drinking water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” the letter warned. It specifically cited known state-sponsored attacks from Iran and China.

The enforcement alert elaborated:

Cyberattacks against CWSs are increasing in frequency and severity across the country. Based on actual incidents we know that a cyberattack on a vulnerable water system may allow an adversary to manipulate operational technology, which could cause significant adverse consequences for both the utility and drinking water consumers. Possible impacts include disrupting the treatment, distribution, and storage of water for the community, damaging pumps and valves, and altering the levels of chemicals to hazardous amounts.

NextGov/FCW paints a grim picture of how vulnerable our water systems are:

Multiple nation-state adversaries have been able to breach water infrastructure around the country. China has been deploying its extensive and pervasive Volt Typhoon hacking collective, burrowing into vast critical infrastructure segments and positioning along compromised internet routing equipment to stage further attacks, national security officials have previously said.

In November, IRGC-backed cyber operatives broke into industrial water treatment controls and targeted programmable logic controllers made by Israeli firm Unitronics. Most recently, Russia-linked hackers were confirmed to have breached a slew of rural U.S. water systems, at times posing physical safety threats.

We shouldn’t be surprised by these attacks. We’ve come to learn that China, Iran, North Korea, and Russia have highly sophisticated cyber teams, but, when it comes to water systems, it turns out the attacks don’t have to be all that sophisticated. The EPA noted that over 70% of water systems it inspected did not fully comply with security standards, including basic protections such as not allowing default passwords.

NextGov/FCW pointed out that last October the EPA was forced to rescind requirements that water agencies at least evaluate their cyber defenses, due to legal challenges from several (red) states and the American Water Works Association. Take that in. I’ll bet China, Iran, and others are evaluating them.

“In an ideal world … we would like everybody to have a baseline level of cybersecurity and be able to confirm that they have that,” Alan Roberson, executive director of the Association of State Drinking Water Administrators, told AP. “But that’s a long ways away.”

Tom Kellermann, SVP of Cyber Strategy at Contrast Security, told Security Magazine: “The safety of the U.S. water supply is in jeopardy. Rogue nation states are frequently targeting these critical infrastructures, and soon we will experience a life-threatening event.” That doesn’t sound like a long ways away.
