A World Without Drinking Water? Global Utilities are Under Cyberattack.

The world is under a global cyber threat manifested as attacks against one of our most critical infrastructures: our water systems. These vital systems are often digitally insecure, allowing attackers to easily tamper with drinking and wastewater management. France, Poland, and the United States have all been recent victims of these attacks that stem from Chinese, Iranian, and Russian military hackers. Beyond wreaking havoc, these attacks against water systems have elevated hacking to a dangerous and life-endangering level.

On March 18th, the Biden administration and U.S. Environmental Protection Agency (EPA) issued a warning that water utilities are facing "disabling cyberattacks" brought about by hackers targeting mission-critical plant operations. “Disabling cyberattacks are striking water and wastewater systems throughout the United States,” Jake Sullivan, assistant to the president for National Security Affairs, and Michael S. Regan, administrator of the EPA, wrote in a letter. “These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities.”

The danger these hacks bring extends beyond simply shutting down or contaminating drinking water. In 2024 alone, the Cyber Army of Russia has hacked multiple U.S. water utilities in spectacular fashion, such as with its hack of drought-ridden Muleshoe, Texas, where it overflowed a water tower and directed tens of thousands of gallons of water onto the streets. In France, it hacked into both a hydroelectric plant and a separate hydroelectric dam, where they manipulated water levels. This past January, Iranian-backed hackers hacked into the Municipal Water Authority of Aliquippa where they shut down the device that monitors and regulates water pressure at the pumping station. Not to be left out, the Chinese hacking organization, Volt Typhoon, has claimed to have hacked multiple U.S. water systems.  

The risk stems from a lack of funding to the utilities themselves. Many are privately owned, understaffed, and lack basic cybersecurity precautions, making them easy hacking targets. Compounding the issue are lax minimum cybersecurity legislation that fall far below other countries, such as the United Kingdom. This combination has prompted the EPA to form a Water Sector Cybersecurity Task Force that will identify vulnerabilities and make recommendations on how to improve utility security.

After so many attacks, the eyes of the government are finally trained on cybersecurity at our country's utilities. The goal is that, through training and better security protocols, these utilities can stay one step ahead of the hackers. Otherwise, the news may soon cover more than wasted water.