Cyberattacks on U.S. water utilities worsen, posing growing threat to infrastructure, study finds
(UI) — A new report from cybersecurity firm Semperis reveals that critical infrastructure operators in the U.S. and U.K. are facing an intensifying wave of cyberattacks, particularly targeting water and electricity utilities. The report found that 62% of utility operators were targeted in the past year, and of those, 80% experienced multiple attacks. More than half reported permanent data or system loss.
The study, The State of Critical Infrastructure Resilience, cites an increase in attacks from nation-state actors. One such incident involved the Volt Typhoon group, linked to the Chinese government, which breached a public utility in Littleton, Massachusetts. American Water Works, the largest water utility in the U.S., also reported a cybersecurity breach that disrupted customer service and billing.
In response, the U.S. Environmental Protection Agency issued an advisory urging water utilities to improve their ability to detect and respond to cyber threats.
Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor, warned of ongoing infiltration attempts: “Many public utilities likely don't realize that China has infiltrated their infrastructure,” he said. “Chinese-sponsored threat actors like Volt Typhoon are known to prefer Living off the Land attacks, which are difficult to detect and can remain dormant.”
The report also found that 81% of attacks compromised identity systems such as Active Directory and Okta. Despite this, 38% of utility operators said they did not believe they had been targeted, a figure experts see as alarmingly high.
“If you don't improve resilience, attackers keep coming,” said Semperis CEO Mickey Bresman. “Utilities need to assume breaches will happen and prepare accordingly.”
To mitigate future attacks, the report recommends that utilities identify Tier 0 infrastructure, prioritize incident response, and test secure recovery procedures regularly.
Related News
From Archive
- OSHA issues 16 citations following fatal sewer confined space incident
- 27 pipeline safety violations tied to deadly Pa. chocolate factory explosion
- Contractor gas line strike triggers home explosion in Missouri
- LA recovery reports call for $650 million power line burial, major utility upgrades in Pacific Palisades
- Comprehensive microtrenching FAQ: Key insights on the Vermeer MTR516 microtrencher
- T-Mobile to expand fiber broadband infrastructure footprint with $4.9 billion Metronet acquisition
- First tunnel boring machines complete testing for Hudson Tunnel Project
- NWPX grows water infrastructure portfolio with Colorado precast facility
- Cityside launches $100 million fiber build in Corona, Calif.
- FiberLight to build 1,400-mile West Texas dark fiber network in $350 million expansion
Comments