American Water, the largest regulated water and wastewater utility company in the US, is now reconnecting its infrastructures, after taking its systems offline due to a cybersecurity incident it reported on Oct. 7.
The company provides drinking water and sewer services to more than 14 million people across 14 states and 18 military installations. In an update on Oct. 10, it reported that there is no evidence to support that the cyber incident impacted its water or wastewater facilities. It also noted that while its customers will not face any late fees for the time its systems were unavailable, its customer portal, MyWater, is now operational once more, and standard billing processes will resume.
Systems are being reactivated in coordination with the company’s cyber incident response protocols, after its internal security team, as well as external parties, confirmed that the systems are secure, it said.
“American Water takes the cybersecurity of its systems and related data with utmost seriousness and has taken additional steps to strengthen the cybersecurity of its systems,” said the company in its update to the US Securities and Exchange Commission (SEC).
This incident only adds to the rising concerns regarding critical infrastructure being a prime victim for cyberattacks.
“This attack highlights the vulnerability of water treatment facilities and other critical infrastructure to cyberattacks, especially when cybersecurity is underfunded or overlooked,” said Nick Creath, senior global product manager at Rockwell Automation, in an emailed statement to Dark Reading. “Operators must recognize that even newer facilities, with advanced technologies, are not immune to attacks. This incident serves as a wake-up call for operators to ensure that cybersecurity is integrated into both new and legacy systems to prevent service disruptions or more severe consequences.”