Cyberattacks on U.S. water infrastructure are rising. The National Cyber Strategy includes new regulations directing an increased focus on cybersecurity to ensure the safety of public drinking water.
Threat actors and nation-states have already attacked U.S. water systems, like the failed Iranian cyberattack on a New York dam in 2013, and the January 2021 cyberattack, when a water treatment plant in the San Francisco Bay Area suffered an attack where an undisclosed hacker deleted crucial programs used to treat drinking water.
The most significant cybersecurity risk for water facilities often comes from insider threats: human error, stolen credentials, and malicious actors. While incidents stemming from the first two categories are more common, all insider attacks are on the rise, as indicated by the Ponemon Institute’s research, which found that every surveyed company had experienced an insider incident last year.
The 2021 incident in Oldsmar, Florida, demonstrated the impact of human error when an employee accidentally clicked the wrong button. The recent attack on the Discovery Bay Water Treatment facility in Tracy, California, by a contractor, shows how dangerous a malicious…
