American Water cyberattack renews focus on protecting critical infrastructure

FILE - The largest regulated water and wastewater utility company in the U.S., American Water, its building in Camden, N.J., seen in the foreground on June 17, 2024, says it was the victim of a cyberattack, prompting the firm to pause billing to customers. (AP Photo/Matt Slocum, File)
ad-papillon-banner
ad-banner-plbr-playa-linda
ad-banner-setar-tourist-sim-watersport2024
ad-aqua-grill-banner
ad-aruba-living-banner
265805 Pinchos- PGB promo Banner (25 x 5 cm)-5 copy
ad-banner-costalinda-2024
ad-banner-casadelmar-2024

By BRUCE SHIPKOWSKI

Associated Press

CAMDEN, N.J. (AP) — A cyberattack continues to affect the largest regulated water and wastewater utility company in the United States, renewing a focus on the importance of protecting critical infrastructure sites.

New Jersey-based American Water paused billing to customers as it announced the cyberattack on Monday. It said it became aware of the unauthorized activity on Thursday and immediately took protective steps, including shutting down certain systems. Water services have been unaffected as protections remained in place Wednesday.

The company — which provides drinking water and sewer services to more than 14 million people in 14 states and on 18 military installations — said it does not believe its facilities or operations were impacted by the attack, although staffers were working “around the clock” to investigate its nature and scope.

The attack against American Water appears to be an “IT focused attack” more than an operational one, according to Jack Danahy, vice president of strategy and innovation at Colchester, Vt.-based NuHarbor Security in Vermont.

“People haven’t traditionally thought of pieces of infrastructure, such as water and wastewater service as being prone to threats, but incidents like this shows how quickly problems could occur,” Danahy said. “As billing and other services have become more accessible to customers in recent years, they’re now exposed to more types of risks and concerns that were not previously there.”

The U.S. Cybersecurity and Infrastructure Security Agency and the Environmental Protection Agency urged water systems to take immediate actions this year to protect the nation’s drinking water. About 70% of utilities inspected by federal officials recently violated standards meant to prevent breaches or other intrusions, the EPA said.