A significant cybersecurity incident has forced American Water, the largest water and wastewater utility company in the US, to shut down some of its systems.
The American Water Cyberattack: A Timeline of Events
On October 2nd, 2024, American Water, a public utility serving approximately 14 million customers across 14 US states, detected unauthorized activity within its computer networks and systems. The company immediately initiated its incident response plan, engaging third-party cybersecurity experts to investigate the American Water cyberattack and mitigate its effects. Law enforcement agencies were also promptly notified.
The American Water cyberattack resulted in the proactive shutdown of the company’s customer portal, MyWater, to safeguard customer data. While the company states that no water or wastewater facilities or operations have been directly affected, the call center experienced limited functionality due to the incident.
In an 8-K filing with the US Securities and Exchange Commission (SEC), American Water confirmed the unauthorized activity and its ongoing efforts to contain and resolve the situation. The company emphasized that there would be no late charges or service disruptions while MyWater remained offline, reassuring customers that their water supply remained safe.
“Our team is working around the clock to investigate this incident and safely restore our systems. Investigations of this nature take time, and we will provide more information when and as appropriate,” the company stated on its website. The extent of the compromised systems beyond MyWater remains undisclosed.
The Broader Context: Attacks on Critical Infrastructure
The American Water cyberattack isn’t an isolated incident. It follows a recent cyberattack against Arkansas City’s water treatment facility, which was forced to temporarily switch to manual operations. These events highlight a concerning trend of cyberattacks targeting critical infrastructure, particularly water and wastewater systems.
The US Cybersecurity and Infrastructure Security Agency (CISA) has previously warned about cyber actors affiliated with an Iranian military organization and the People’s Republic of China successfully exploiting programmable logic controllers (PLCs) and IT networks within several critical national infrastructure (CNI) sectors, including water and wastewater.
Spencer Starkey, Executive VP of EMEA at SonicWall, emphasizes the severity of such attacks:
“The ramifications of an attack and ensuing outage on CNI can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing them.”
He further highlights the national security implications, stressing the need for collaboration between the public and private sectors to deter future attacks.
Impact and Implications of the American Water Cyberattack
The American Water cyberattack has significant implications, extending beyond the immediate disruption of services. The compromise of customer data raises privacy concerns, while the disruption of operations, even temporarily, highlights the vulnerability of essential services to cyber threats. The incident underscores the need for increased investment in cybersecurity infrastructure and robust incident response plans within the water and wastewater sector.
The attack also raises questions about the potential for more widespread and devastating attacks on critical infrastructure, emphasizing the need for proactive measures to safeguard these vital systems. The long-term consequences of the American Water cyberattack remain to be seen, but the incident serves as a stark reminder of the ever-evolving threat landscape and the critical need for enhanced cybersecurity defenses.
The American Water cyberattack serves as a critical wake-up call, emphasizing the urgent need for enhanced cybersecurity measures within the water and wastewater sector and critical infrastructure as a whole. The incident highlights the devastating consequences of successful cyberattacks on essential services and the importance of proactive measures, robust incident response plans, and strong collaboration between public and private sectors to mitigate future risks. The ongoing investigation into the cyberattack will undoubtedly provide valuable insights into the methods employed by the attackers and inform future cybersecurity strategies.