Cyberattacks on U.S. water utilities worsen, posing growing threat to infrastructure, study finds
(UI) — A new report from cybersecurity firm Semperis reveals that critical infrastructure operators in the U.S. and U.K. are facing an intensifying wave of cyberattacks, particularly targeting water and electricity utilities. The report found that 62% of utility operators were targeted in the past year, and of those, 80% experienced multiple attacks. More than half reported permanent data or system loss.
The study, The State of Critical Infrastructure Resilience, cites an increase in attacks from nation-state actors. One such incident involved the Volt Typhoon group, linked to the Chinese government, which breached a public utility in Littleton, Massachusetts. American Water Works, the largest water utility in the U.S., also reported a cybersecurity breach that disrupted customer service and billing.
In response, the U.S. Environmental Protection Agency issued an advisory urging water utilities to improve their ability to detect and respond to cyber threats.
Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor, warned of ongoing infiltration attempts: “Many public utilities likely don't realize that China has infiltrated their infrastructure,” he said. “Chinese-sponsored threat actors like Volt Typhoon are known to prefer Living off the Land attacks, which are difficult to detect and can remain dormant.”
The report also found that 81% of attacks compromised identity systems such as Active Directory and Okta. Despite this, 38% of utility operators said they did not believe they had been targeted, a figure experts see as alarmingly high.
“If you don't improve resilience, attackers keep coming,” said Semperis CEO Mickey Bresman. “Utilities need to assume breaches will happen and prepare accordingly.”
To mitigate future attacks, the report recommends that utilities identify Tier 0 infrastructure, prioritize incident response, and test secure recovery procedures regularly.
Related News
From Archive
- Intrepid Fiber breaks ground on fiber optic network in Superior, Colo.
- Excavator collides with I-95 overpass in Henrico, Va., causing multi-vehicle crash
- Shrewsbury, Mass., expands sewer inspections and cleaning efforts
- Construction worker killed in trench collapse near Prosperity, S.C.
- Two workers rescued after hours trapped in Mich. trench collapse
- WES tunnel boring machine retrieved from Oregon river after seven-month project
- Illinois overhauls Peoples Gas pipeline program, mandates focus on high-risk pipes
- Ameren Illinois to invest $140 million in natural gas pipeline replacement program
- Charlottesville, Va., to begin work on 24-inch water line for Rivanna River crossing
- Mass. governor slams Trump for ‘dangerous delay’ of $50 million in lead pipe replacement funds
Comments