Increasing Cyberattacks on Water Utilities

Water Utilities Cyberattacks

Hacker groups from Russia, China, and Iran have all taken credit for recent cyberattacks on water utility companies in recent months, the EPA even warning smaller communities to take action. Water utility companies are on notice during federal inspections over the last year. Roughly 70% of them violated standards meant to prevent data breaches or cyberattacks. Some failures as simple as using default passwords are allowing former employees to access sensitive systems.


PRC hackers are targeting our critical infrastructure. Our water treatment plants, our electrical grid. -Christophet Wray, FBI Director

While the warnings aren’t new, the EPA says the attacks are more severe and frequent. In April and a water treatment facility in Indiana, Russian hackers took responsibility for a cyber attack that caused minimal disruption.

Late last year, in Iranian-linked group targeted a water provider in a small Pennsylvania town in a geopolitical attack going after an Israeli-made device used by the utility.

Any of the nation’s infrastructure, electric, water utilities, are always under great scrutiny by adversaries that are potentially interested in causing harm from afar.

Cyber attack is a great leveling capability against any nation state.

This could be just an ever-increasing way to let the nation’s utilities that they take even greater notice that they are doing everything possible to prevent any type of cyber attack.

Rob Lee, Cybersecurity Expert, SANS Institute

The alerts sent by the EPA says the impact of a cyberattack could range from interruptions to water treatment and storage to drastic changes in the amount of chemicals used to treat drinking water. And in recent months, the EPA sent governors, letters urging the states to come up with comprehensive cybersecurity plans in the case of an attack.


Protecting Water Utilities from Cyberattacks

There are many simple and practical things that water utilities can do to add protection against cyberattacks such as changing default passwords, disabling open USB ports, and requiring password changes. But many time hackers exploit human error.

Using a NIST-compliant Zero Trust framework provides a proactive approach to protecting the operational technology (OT) and industrial controls that are used to operate water utilities. Veridify’s DOME platform provides the following capabilies

  • NIST-compliant Zero Trust framework
  • Protects installed devices – including IP-based and serial devices
  • Stops cyberattacks in real-time
  • Equipment and vendor-agnostic
  • Quantum-Resistant for long-term protection


DOME creates a root of trust in a block chain, requires devices to be authenticated to a specific building, and requires devices to be authenticated to each other. For network communication, every packet is authenticated and encrypted. Any device that attempts to communicate with a device protected by DOME will be blocked and an alert generated.

Blog Post Summary – All of our posts listed on one page back through 2019
Keyphrase: water utilities cyberattacks