What are Adversaries Doing in the U.S. Water Supply?

BOTTOM LINE UP FRONT — It’s a serious threat to the nation’s critical infrastructure that not enough people are talking about. That’s the view of cybersecurity experts who worry about a spate of recent attacks on local water supply facilities in the U.S. While the number of attacks is small and the damage has been limited, experts say that individual cybercriminals and nation-state actors looking for holes in America’s critical infrastructure have found an open door, all too easily, in an area of enormous concern. 

The attacks on water utilities have come in small and remote communities – Alquippa, Pennsylvania and Muleshoe, Texas, to name two – a fact that may explain the limited public attention. But recent reports from cybersecurity experts and a warning from the White House have boosted the profile of the threat. Mandiant issued a report this month tying Russian hackers to a breach of water facilities in Texas; in December, the Cybersecurity and Infrastructure Security Agency (CISA) warned that CyberAv3ngers, a group linked to Iran, was “actively targeting and compromising” water facilities; and other attacks have been traced to China.