Connecting Waterpeople

U.S. officials warn of the vulnerability of water systems to cyberattacks

  • U.S. officials warn of the vulnerability of water systems to cyberattacks
Schneider Electric


Last month experts and lawmakers warned a U.S. Senate committee about cybersecurity vulnerabilities in the country’s critical water sector, reported The Hill.

The threat of cyber-attacks on critical infrastructure has been very present in the recent past, including the water sector. Earlier this year a drinking water treatment plant in the town of Oldsmar, in Florida, was attacked by hackers who tried to poison the water supply. Other reported hacking incidents have also targeted water facilities in San Francisco and rural Kansas.

“I believe that the next Pearl Harbor, the next 9/11, will be cyber, and we are facing a vulnerability in all of our systems, but water is one of the most critical and I think one of the most vulnerable,” Senator Angus King told the Senate Environment and Public Works Committee. “There is an incipient nightmare here, and it involves all sectors of our critical infrastructure, but water I think is probably the most vulnerable because of the dispersed nature of water systems in the country”, he added.

He is the co-chairman of the Cyberspace Solarium Commission (CSC), a U.S. bipartisan, intergovernmental body tasked with developing a strategic approach of defence against cyberattacks.

The committee also heard from John Sullivan, the chief engineer of the Boston Water and Sewer Commission, who said his organization was hit by a ransomware attack in 2020, but was able to recover without any operations being compromised. He emphasised that many of the nation’s 50,000 drinking water systems and 16,000 wastewater systems lack the resources and knowledge to respond to a cyberattack.

The problem is particularly serious in smaller water systems, often in rural areas, with few resources to respond to these attacks. There are no federal standards for water operators in terms of cybersecurity. In contrast, other sectors such as banking are regulated in this regard.

Committee leaders agreed on the need for action to secure water systems, and member Shelley Moore Capito said cybersecurity policies would likely be included in the upcoming Water Resources Development Act.

Featured news