Hackers Likely To Benefit Off US Weak Spot

Earlier in December, the federal government issued ominous warnings that cautioned against “malicious cyber activity against operational technology” that’s used commonly by wastewater and water providers.

The government warned that this activity has to serve as a wake-up call for the entire country, especially as it revolves around a public utility that Americans ingest.

In November, hackers were able to compromise some computer systems that were designed to monitor and control equipment that’s used to ensure that wastewater and water service is reliable and safe in Aliquippa, Pennsylvania.

Around that same time, the North Texas Municipal Water District had their phones disrupted and business computer systems impacted after hackers claimed they were able to obtain the personal information of customers.

Over the last few years, hackers have begun to target critical infrastructure to disrupt life. One of the most well-known recent examples happened in early 2021, when hackers deleted programs that water treatment plants were using to treat water in the San Francisco Bay region.

A month after that, a hacker was able to adjust the chemicals that are used to treat water in Oldsmar, Florida. That had the potential to actually poison the water that people in the region would’ve consumed.

To this point, all the examples of hackers accessing water treatment systems haven’t had an impact on the environment or on public health. All of them do show, though, just how important the reliability, safety and security of the wastewater and water systems are – and how much work needs to be done to enhance cybersecurity over those systems.

A major challenge to doing this across the country is that the sophistication of wastewater and water treatment facilities throughout the U.S. can vary greatly. All of this inconsistency doesn’t just cause confusion, it also causes problems in ensuring security – which hackers can take advantage of.

In the U.S., there are about 50,000 different water drinking systems, 85% of which are run by the government. In addition, there are about 16,000 wastewater systems, 90% of which the government runs.

This is a huge number compared to, say, other utilities, as there are about 3,300 electric utilities in the U.S.

In an op-ed for media outlet The Hill, Robert Powelson – the president and CEO of the National Association of Water Companies – wrote:

“The disparity among each of those 50,000 systems is often stark. The sobering reality is that too many system operators have been lax in their investments in not only the physical infrastructure but also cybersecurity-related areas. …

“Right now, the lack of universal cybersecurity standards for all water and wastewater utilities is resulting in certain systems failing to meet basic compliance standards. These issues should be addressed in a way that is innovative and universally accepted by all systems, regardless of ownership.”

He further advocated for a national mandate on cybersecurity for all of these facilities “to protect our community water and wastewater operations.”