Many Water Utilities Have High-Risk Cybersecurity Vulnerabilities

 In Industry Highlights
0

cybersecurity vulnerabilities

Image courtesy of Richard Patterson under Attribution 2.0 Generic Deed, resized to 700 x 391 pixels.

A new report from the Environmental Protection Agency’s Office of Inspector General warns that cybersecurity vulnerabilities are widespread across the water utility industry.  Specifically, nearly 10% of the drinking water systems analyzed were found to have “high-risk” susceptibilities.

Scope of the Water Industy’s Cybersecurity Vulnerabilities

The federal watchdog analyzed 1,062 drinking water systems serving at least 50,000 customers each (for a total of nearly 200 million people).  It found that 97 of these systems, or about 9%, had “either critical or high-risk cybersecurity vulnerabilities.”  In total, these at-risk systems serve approximately 27 million customers.  In addition, another 211 systems serving nearly 83 million customers were tagged as being a medium or low risk for cyber-attacks.

While the report does not identify specific examples, it does state that a cyber attack could cause certain functionality to malfunction, take down websites and other online properties, cause service interruptions, or result in a data breach.

From a financial standpoint, a separate study from 2023 concluded that a 1-day disruption to water service across the U.S. could stymie up to $43 billion in economic activity.  The financial impact on a single water utility could be up to $132 million in lost revenue per day.

A related finding from the report is that the EPA does not currently have a reporting infrastructure in place to allow water and wastewater systems to report cyber-attacks.  Similarly, no documentation exists that outlines any reporting or notification procedure.

Overall, this may not necessarily serve as a wakeup call for the water utility industry, but it does reinforce what we already know.  Already, water systems in California, Kansas, Texas, Florida, and elsewhere have been hit with ransomware attacks.  In addition, American Water Works, which supplies water across 14 states, was attacked Oct. 2024.

The bottom line is that the water utility industry has some work to do to eliminate as many cybersecurity vulnerabilities as possible, as quickly as possible, in order to help optimize emergency preparedness.

Recommended Posts

Leave a Comment

Start typing and press Enter to search

Hurricane Beryl
Texas Concludes Investigation into Hurricane Beryl Utility PerformanceIndustry Highlights
annual utility spending
EIA Says Annual Utility Spending is on the RiseIndustry Highlights