Cyberattacks on U.S. water utilities worsen, posing growing threat to infrastructure, study finds
(UI) — A new report from cybersecurity firm Semperis reveals that critical infrastructure operators in the U.S. and U.K. are facing an intensifying wave of cyberattacks, particularly targeting water and electricity utilities. The report found that 62% of utility operators were targeted in the past year, and of those, 80% experienced multiple attacks. More than half reported permanent data or system loss.
The study, The State of Critical Infrastructure Resilience, cites an increase in attacks from nation-state actors. One such incident involved the Volt Typhoon group, linked to the Chinese government, which breached a public utility in Littleton, Massachusetts. American Water Works, the largest water utility in the U.S., also reported a cybersecurity breach that disrupted customer service and billing.
In response, the U.S. Environmental Protection Agency issued an advisory urging water utilities to improve their ability to detect and respond to cyber threats.
Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor, warned of ongoing infiltration attempts: “Many public utilities likely don't realize that China has infiltrated their infrastructure,” he said. “Chinese-sponsored threat actors like Volt Typhoon are known to prefer Living off the Land attacks, which are difficult to detect and can remain dormant.”
The report also found that 81% of attacks compromised identity systems such as Active Directory and Okta. Despite this, 38% of utility operators said they did not believe they had been targeted, a figure experts see as alarmingly high.
“If you don't improve resilience, attackers keep coming,” said Semperis CEO Mickey Bresman. “Utilities need to assume breaches will happen and prepare accordingly.”
To mitigate future attacks, the report recommends that utilities identify Tier 0 infrastructure, prioritize incident response, and test secure recovery procedures regularly.
Related News
From Archive
- Inside Sempra’s 72-mile pipeline with 18 major trenchless crossings
- Trump vetoes bill to finish $1.3 billion Colorado water pipeline
- PHMSA warns of heat risks in aging plastic gas distribution pipelines following deadly Pennsylvania explosion
- Infrastructure failure releases 100,000 gallons of wastewater in Houston; repairs ongoing
- OSHA seeks $1.2 million fine after fatal trench collapse in Connecticut
- Worm-like robot burrows underground to cut power line installation costs
- First tunnel boring machines complete testing for Hudson Tunnel Project
- Infrastructure failure releases 100,000 gallons of wastewater in Houston; repairs ongoing
- Construction jobs stumble into 2026 after weak year
- NWPX grows water infrastructure portfolio with Colorado precast facility
Comments