American Water, the largest regulated water and wastewater utility company in the US, has begun the process of reactivating its infrastructure following a cybersecurity incident that prompted the company to take its systems offline on October 7th.
The company, which serves more than 14 million people across 14 states and 18 military installations, has confirmed that there is no evidence to suggest that the cyber incident had any impact on its water or wastewater facilities. In an update provided on October 10th, American Water reassured customers that they will not incur any late fees as a result of the disruption to its systems. Additionally, the company announced that its customer portal, MyWater, is once again operational and standard billing procedures have resumed.
According to the company, the reconnection of its systems is being carried out in accordance with its cyber incident response protocols. Both its internal security team and external parties have verified that the systems are secure and can be safely brought back online.
In a statement to the US Securities and Exchange Commission (SEC), American Water emphasized its commitment to prioritizing the cybersecurity of its systems and data. The company stated that it has implemented additional measures to bolster the security of its systems in light of the incident.
The cyber incident involving American Water has once again highlighted the growing concerns surrounding the vulnerability of critical infrastructure to cyberattacks. Nick Creath, senior global product manager at Rockwell Automation, emphasized the importance of integrating cybersecurity measures into both new and legacy systems to prevent potential disruptions or more serious consequences.
“This attack underscores the susceptibility of water treatment facilities and other critical infrastructure to cyber threats, particularly in cases where cybersecurity measures are inadequate or overlooked,” stated Creath in an email to Dark Reading. “It is crucial for operators to recognize that even facilities equipped with advanced technologies are not immune to cyberattacks. This incident should serve as a wakeup call for operators to prioritize cybersecurity across all systems to mitigate the risk of service interruptions and more severe outcomes.”
As American Water works towards restoring full functionality to its systems, the incident serves as a reminder of the ongoing need for vigilance and investment in cybersecurity measures across all sectors of critical infrastructure. In an increasingly digital world, protecting essential services from cyber threats is paramount to safeguarding public health and safety.