In an increasingly digital world, cybersecurity is a significant – and relevant – threat to individuals and companies alike. Cybercriminals are constantly devising new ways to steal information for personal gain through exploitation or ransom demands.

It’s become unfortunately commonplace to hear tales of drained checking accounts, leaked photos, and private documents being published to the masses. In this post-pandemic era, the move to hybrid and remote work dynamics has tempted nefarious actors even more. In 2021, the average instance of data breaches and cyberattacks rose more than 15% year over year.

While virtually every aspect of modern life is at risk for cybercrime, one surprising target is the utility industry. The water and power grid appeal to criminals looking to wreak havoc and can potentially risk the health and livelihoods of millions of people.

The Structure of Water Utilities

Across the nation, there are as many as 70,000 separate water utilities in the United States, encompassing both potable and wastewater systems. Many of these systems are small, serving low-density communities and functioning on limited budgets. The fragmented nature of water utility coverage coupled with low budgets and limited technologic expertise means many systems are outdated and under-protected.

Vulnerability and Attacks Targeting the Water System

It’s not uncommon to receive emails or notifications from banking institutions alerting customers of new security threats, particularly phishing tactics. What is unique is hearing from some of the most prominent government institutions – including the FBI, the NSA (National Security Agency), the EPA (Environmental Protection Agency), and the CISA (Cybersecurity and Infrastructure Security Agency) – with a very specific warning: the water and wastewater systems across the US are the target of criminals.

The catalyst for this was a 2021 incident you may not have even heard of. A water treatment plant in Oldsmar, (Read more...)