CAMDEN, N.J. — A significant cyberattack is currently impacting the largest regulated water and wastewater utility service in the United States, highlighting the urgent need to safeguard critical infrastructure.
American Water, based in New Jersey, made the decision to suspend billing for its customers after announcing the cyber event on Monday. The company became aware of the unauthorized activities on Thursday and took immediate measures, including shutting down specific systems to enhance security. Fortunately, water services have remained uninterrupted as precautions were effectively implemented by Wednesday.
This utility, which serves drinking water and sewer services to over 14 million residents across 14 states as well as 18 military bases, reported that it does not believe its facilities or operations have been compromised by the cyberattack. Nevertheless, staff members have been diligently working around the clock to assess the situation and understand the full scope of the incident.
Experts suggest that the cyberattack on American Water is primarily an “IT focused attack,” rather than one aimed directly at operational infrastructure. Jack Danahy, who serves as the vice president of strategy and innovation at NuHarbor Security from Vermont, emphasized that the perception of water and wastewater services as secure from threats is outdated. He remarked that the increasing accessibility of billing and related services to customers has introduced new risks that weren’t previously prevalent.
In response to rising threats, both the U.S. Cybersecurity and Infrastructure Security Agency and the Environmental Protection Agency have urged water systems nationwide to take proactive steps this year to ensure the safety of the country’s drinking water supply. According to the EPA, a recent evaluation found that approximately 70% of examined utilities failed to comply with safety standards designed to prevent security breaches or other unauthorized access.
