The largest water utility in the United States, American Water, recently faced a significant cybersecurity incident.
The company had to shut down its customer portal and pause billing operations indefinitely. The incident was discovered on a Thursday, and the company immediately took protective measures. Despite the breach, American Water assured customers their water is safe to drink, and that none of its water or wastewater facilities were negatively affected.
The company is working around the clock to investigate the incident and restore its systems. The investigation is ongoing, and the company has notified law enforcement and is cooperating with them. The call center is currently experiencing limited functionality because of the shutdown of the customer service portal.
The U.S. water and wastewater sector has become an increasingly attractive target for cyberattacks, with recent incidents highlighting the need for stronger cybersecurity measures. The Environmental Protection Agency has also announced stepped-up cybersecurity oversight provisions across U.S. drinking water systems. https://www.govinfosecurity.com/largest-us-water-utility-hit-by-cybersecurity-incident-a-26478 (Oct. 08, 2024).
Commentary
Infrastructure attacks affect all organizations and workplace participants and not just those who have essential services interrupted.
Unfortunately, infrastructure attacks are increasing. In 2024, there was a notable surge in cyberattacks targeting critical infrastructure, including healthcare systems and energy sectors. These attacks have become more frequent and sophisticated, with threat actors exploiting vulnerabilities in network devices and industrial control systems. https://www.dni.gov/files/CTIIC/documents/products/Recent_Cyber_Attacks_on_US_Infrastructure_Underscore_Vulnerability_of_Critical_US_Systems-June2024.pdf
These attacks can have severe economic impacts, affecting various sectors of the economy and causing widespread disruption including:
- Lost production and sales, reduced income for employees, and even temporary or permanent closure of organizations dependent on the infrastructure damaged.
- Repeated infrastructure attacks can erode public trust in the reliability of essential services, leading to decreased consumer and investor confidence.
- The ripple effects of infrastructure attacks can extend beyond immediate disruptions, affecting long-term economic growth and stability.
The final takeaway is that even if your organization has not been directly affected by an infrastructure attack, it is a best practice to prepare for the possibility of an infrastructure attack that can affect your organization.
