Back in early October, American Water — the nation’s largest regulated water and wastewater utility company — announced that it had been hit by a cyberattack. The company serves more than 14 million people over 14 states, 18 U.S. military installations, and manages more than 500 wastewater systems, reported the Associated Press (AP).
The attack further underscored the inextricable links between cyber and physical security. In an interconnected age, a cyberattack on a popular utility can have very significant and negative real-world impacts that can threaten the physical safety of millions.
In a follow-up piece, the AP wrote about the implications this attack has on the infrastructure of American utility systems.
“People haven’t traditionally thought of pieces of infrastructure, such as water and wastewater service as being prone to threats, but incidents like this shows how quickly problems could occur,” Jack Danahy, vice president of strategy and innovation at Colchester, Vt.-based NuHarbor Security, told the newswire service. “As billing and other services have become more accessible to customers in recent years, they’re now exposed to more types of risks and concerns that were not previously there.”
Additionally, the AP points to the fact that the EPA and the U.S. Cybersecurity and Infrastructure Security Agency had previously recommended that water systems protect that country’s drinking water earlier this year.
“About 70% of utilities inspected by federal officials recently violated standards meant to prevent breaches or other intrusions,” the AP reported.
What does this all mean? DarkReading.com puts it in context, discussing how this is part of a worrying trend of major utilities becoming targets of cybercrime and, worryingly, many of them seem ill prepared for these ever-looming threats. They cite two recent examples — the 2021 ransomware attack on the Colonial Pipeline as well as the Florida water treatment facility attack that same year, which could have resulted in the poisoning of the local water supply.
“We often overlook how vulnerable our everyday essentials are to digital threats,” Akhil Mittal, senior manager of cybersecurity strategy and solutions at Black Duck, told the website. “We’re not just talking about data breaches — this is about the safety of millions of people who rely on clean water every day. A cyber incident like this could disrupt water services, delay safety checks, and potentially risk public health.”
All of these threats underscore that shoring up crucial, often lifesaving infrastructure systems is needed as cyberattacks like these will only continue. Building up proper digital defenses as well as clear physical security safeguards and protocols can make the difference between stopping an attack and grave consequences that imperil the health, safety and wellbeing of millions of Americans.
Peter Cavicchia II 