American Water Suffers Network Disruptions After Cyberattack

  /     /     /  
Publicated : 23/11/2024   Category : security


American Water Suffers Network Disruptions After Cyberattack


The largest publicly traded water utility in the US was forced to disconnect some of its online systems, and its website and telecommunications system remained unavailable as of Tuesday morning, Oct. 8.



The website of the largest publicly traded water utility in the US remained offline this morning after a cyberattack Oct. 3 forced the company to shut down some of its connected systems and services.
American Water is a significant supplier of water in the US, serving more than 14 million customers across 14 states and 18 military installations. The company employees about 6,500 people across its facilities. It discovered unauthorized activity within its computer networks and systems on Oct. 3 that turned out to be the result of a cybersecurity incident, the company reported in a
Form 8-K filing
with the US Securities and Exchange Commission.
The company activated incident-response protocols and enlisted third-party cybersecurity experts to help it contain and mitigate the attack, which included disconnecting and deactivating certain systems to protect systems and data, it reported.
The outages appear to have included the companys online customer-facing sites, as the American Water website as well as its MyWater customer portal served up white pages with Forbidden 403 text today.
An attendant who answered a Dark Reading phone call to American Waters headquarters in Camden, N.J., early on Oct. 8 said she was unable to connect to a member of the media relations team, nor leave a message for anyone because the telecommunications system also is down.
At this time, it seems that none of the companys water or wastewater facilities or operations have been negatively affected by the incident, although its too soon to predict the full impact and material effect it will have on the company, according to the filing. An investigation alongside law enforcement officials remains ongoing as to the exact cause and extent of the damage.
Critical infrastructure
such as the public
water supply
and electricity grid both in the US and
overseas
face
increasing risk
of attack from threat actors, incidents that have the potential to not only affect network infrastructure or financial coffers, but also cause supply shortages or even physical harm.
The now-infamous May 2021
ransomware attack on Colonial Pipeline
is a prime example of the former, while a February 2021 attack on a
Florida water-treatment facility,
which potentially
could have poisoned
the water supply if an employee hadnt acted quickly, demonstrates the latter.
“We often overlook how vulnerable our everyday essentials are to digital threats, observes Akhil Mittal, senior manager of cybersecurity strategy and solutions at Black Duck (formerly known as Synopsys Software Integrity Group). We’re not just talking about data breaches — this is about the safety of millions of people who rely on clean water every day. A cyber incident like this could disrupt water services, delay safety checks, and potentially risk public health.
Unsurprisingly concerned, US federal authorities have put a concerted effort into to doing more to ensure cybersecurity measures at water utilities are a mandatory effort, as nearly 70% of the United States community drinking water systems
fails to comply
with the Safe Drinking Water Act, according to the Environmental Protection Agency (EPA).
In fact, the EPA planned to
ramp up efforts
to enforce the act and other regulatory efforts to ensure better cybersecurity safety across water utilities in May. However, the agency had to
roll back these actions
last year after it faced litigation from Republican lawmakers and industry groups. Other agencies like CISA have advanced
cybersecurity guides for the water sector
in the wake of that failed effort.
Prevention of cybersecurity attacks through
infrastructure security
is indeed the key to ensuring critical services such as the ones utilities offer remain safe, as protecting these systems is no longer optional now, but critical to keep things running smoothly and safely, Mittal says.
As this is too late in the case of American Water, he adds, the key to recovering quickly from the incident now will be in taking quick actions to contain the attack, getting all systems back online in a reasonable time frame, and being transparent with the public about what happened.

Last News

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
American Water Suffers Network Disruptions After Cyberattack