On Monday, October 7th, American Water Works Co. Inc. announced that hackers had infiltrated their computer network and systems.
According to a report by Bloomberg on Monday, the New Jersey-based company has taken measures to control the network attack by partially disrupting or disabling some systems. They are currently investigating the nature and scope of the hacking incident discovered on October 3. In regulatory filings submitted on Monday, the company stated that they do not believe their water or wastewater treatment operations have been affected at the moment, but they cannot predict the full impact of the hacker intrusion.
The company stated in the filings that they do not anticipate the network attack to have a significant impact on the company or its finances.
On May 20, the Environmental Protection Agency (EPA) in the United States warned that cyber attacks targeting water companies across the country are becoming more frequent and severe. The EPA issued an enforcement alert urging water systems to take immediate action to protect America’s drinking water.
The agency also stated that about 70% of utility companies inspected by federal officials last year violated standards to prevent system breaches or other intrusions. Officials emphasized the need for even small water systems to strengthen measures against hacker attacks.
The EPA pointed out that since water companies typically rely on computer software to operate treatment plants and distribution systems, safeguarding information technology and process controls is crucial.
The EPA stated that the potential impacts of cyber attacks could include disruptions in water treatment and storage, damage to pumps and valves, and alteration of chemical levels to dangerous levels.
Earlier this year, the United States accused a state-sponsored Chinese hacker network organization called “Volt Typhoon” of compromising information technology systems of several critical infrastructure systems in the U.S. and its territories, including drinking water. At that time, cybersecurity experts believed that the “Volt Typhoon” hacker organization was preparing for attacks, laying the groundwork for potential network attacks in the event of armed conflict or escalating geopolitical tensions.