A cyberattack on American Water, the largest regulated water utility in the United States, has exposed critical vulnerabilities in the nation’s infrastructure, raising alarm bells about the safety of essential services.
At a Glance
- American Water, serving over 14 million people across 14 states, experienced a cyberattack affecting customer billing systems.
- The attack is considered an “IT focused attack” with water services remaining unaffected.
- 70% of inspected water systems do not fully comply with cybersecurity requirements, according to the EPA.
- Cyberattacks on U.S. water infrastructure are increasing, with some linked to geopolitical rivals like Iran, Russia, and China.
- Experts stress the need for increased cybersecurity measures in critical infrastructure.
American Water Under Cyber Siege
American Water Works Company, Inc., based in New Jersey, the largest regulated water utility in the United States, recently fell victim to a cyberattack that forced the company to pause its customer billing operations. The incident, which affects a utility serving over 14 million people across 14 states and 1,700 communities, has sent shockwaves through the nation’s critical infrastructure sector.
The company detected unauthorized activity on its systems on October 3, prompting an immediate shutdown of affected areas. While the attack is described as an “IT focused attack” rather than an operational one, it has raised serious concerns about the vulnerability of essential services to cyber threats.
American Water, largest water utility in US, dealing with cyberattack https://t.co/fBfiI0v3nl
— WUSA9 (@wusa9) October 8, 2024
Water Safety Uncompromised, But Risks Loom Large
American Water has assured the public that water services remain unaffected and that water safety has not been compromised. The company has taken precautionary measures by shutting down its customer service portal and billing function, suspending late fees until the system is restored. However, the incident has highlighted the potential risks faced by critical infrastructure in an increasingly digital world.
“People haven’t traditionally thought of pieces of infrastructure, such as water and wastewater service as being prone to threats, but incidents like this shows how quickly problems could occur,” Jack Danahy of NuHarbor Security in Vermont said.
The attack on American Water is not an isolated incident. Cyberattacks on U.S. water infrastructure have raised serious concerns, with some linked to geopolitical rivals like Iran, Russia, and China. The FBI has warned of Chinese hackers targeting U.S. critical infrastructure, including water treatment plants. A recent Russian-linked hack even targeted a water filtration plant in Texas near a U.S. Air Force base, highlighting the strategic nature of these attacks.
Systemic Vulnerabilities Exposed
The incident has brought to light alarming gaps in the cybersecurity of U.S. water systems. The Environmental Protection Agency (EPA) revealed that 70% of inspected water systems do not fully comply with cybersecurity requirements. This statistic underscores the urgent need for improved security measures across the nation’s water infrastructure.
“All drinking water and wastewater systems are at risk — large and small, urban and rural,” an EPA spokesperson said, according to CNBC.
Water and wastewater treatment facilities often lack sufficient cybersecurity funding, despite facing similar threats as other critical infrastructure sectors. The Cybersecurity and Infrastructure Security Agency (CISA) is working to secure these vital systems, but progress requires time and significant budget allocation.
A Wake-Up Call for Infrastructure Security
The attack on American Water serves as a stark reminder of the vulnerabilities in our essential services. As more utilities embrace digital transformation to improve accessibility and efficiency, they inadvertently expose themselves to new cybersecurity risks. Experts stress the importance of integrating robust security measures from the outset to protect public health and safety.
“We often overlook how vulnerable our everyday essentials are to digital threats. We’re not just talking about data breaches — this is about the safety of millions of people who rely on clean water every day,” Akhil Mittal, Black Duck Senior Manager of Cybersecurity Strategy and Solutions said.
As the investigation into the American Water cyberattack continues, with law enforcement and cybersecurity experts involved, the incident serves as a crucial wake-up call. It underscores the need for increased investment in cybersecurity for critical infrastructure, enhanced compliance with security standards, and a proactive approach to protecting the nation’s essential services from evolving digital threats.
Sources
- American Water cyberattack renews focus on protecting critical infrastructure
- America’s largest water utility hit by cyberattack at time of rising threats against U.S. infrastructure
- Security experts discuss the American Water cyberattack
