A cyberattack has impacted American Water, the largest regulated water and wastewater utility company in the United States, prompting a renewed emphasis on safeguarding critical infrastructure sites. The New Jersey-based company disclosed the cyberattack on Monday, leading to a temporary halt in customer billing. The unauthorized activity was detected on Thursday, prompting immediate protective measures, including the shutdown of certain systems. Fortunately, water services have remained unaffected due to the security measures put in place.
American Water, serving over 14 million individuals across 14 states and 18 military installations, stated that its facilities and operations do not appear to have been directly impacted by the cyberattack. However, the company's staff is diligently investigating the incident to ascertain its nature and extent. According to cybersecurity experts, the attack on American Water seems to be more IT-focused rather than operational in nature.
Jack Danahy, the Vice President of Strategy and Innovation at NuHarbor Security, highlighted that incidents like this underscore the potential vulnerabilities of critical infrastructure systems. He noted that as customer services, including billing, have become more digitally accessible, they are exposed to a broader range of risks that were previously less prevalent.
The U.S. Cybersecurity and Infrastructure Security Agency, along with the Environmental Protection Agency, have urged water systems nationwide to take immediate steps to enhance their cybersecurity defenses. Recent inspections revealed that approximately 70% of utilities failed to meet the standards aimed at preventing breaches and intrusions, as reported by the EPA.