![Pinterest](https://pinterest.com/pin/create/button/?url=https://bollspel.com/water-utility-plant-hacking-raises-major-cybersecurity-concerns/&media=https://bollspel.com/wp-content/uploads/2024/01/13436-water-utility-plant-hacking-raises-major-cybersecurity-concerns.jpg&description="Learn about the alarming cybersecurity risks posed by water utility plant hacking and what steps can be taken to protect critical infrastructure. Stay informed and secure your water supply."){kind=link}
The tiny Aliquippa water authority in western Pennsylvania was unexpectedly targeted in an international cyberattack.
It had never sought outside assistance in protecting its systems from a cyberattack, whether at its existing 1930s plant or the new $18.5 million one it is building.
Then it – along with several other water utilities – was hit by Iranian-backed hackers targeting a piece of equipment specifically because it was Israeli-made.
“If you told me to list 10 things that would go wrong with our water authority, this would not be on the list,” said Matthew Mottes, the chairman of the authority that serves about 22,000 people outside Pittsburgh.
The hacking of the Municipal Water Authority of Aliquippa is prompting new warnings from United States security officials at a time when states and the federal government are working on how to protect water utilities against cyberattacks.
The danger, according to officials, is hackers gaining control of automated equipment to shut down pumps that supply drinking water or contaminate drinking water by reprogramming automated chemical treatments, posing threats from Iran and other geopolitical rivals.
Efforts to strengthen cybersecurity in the water utilities sector are facing challenges due to a lack of funding and expertise for the majority of local water authorities, which serve areas where residents are of modest means and cybersecurity professionals are scarce.
Despite this, utilities are struggling to invest in cybersecurity due to underfunded water infrastructure and pushback from public authorities that see cybersecurity measures as a back door to privatization.
New urgency arose in 2021 when the federal government’s leading cybersecurity agency reported five attacks on water authorities over two years, four of them ransomware and a fifth by a former employee.
At the Aliquippa authority, Iranian hackers shut down a remotely controlled device that monitors and regulates water pressure at a pumping station. Customers weren’t affected because crews alerted by an alarm quickly switched to manual operation.
With inaction in Congress, a handful of states passed legislation to step up scrutiny of cybersecurity, including New Jersey and Tennessee. Before this, Indiana and Missouri had passed similar laws. A 2021 California law commissioned state security agencies to develop outreach and funding plans to improve cybersecurity in the agriculture and water sectors.
Legislation died in several states, including Pennsylvania and Maryland, where public water authorities fought bills backed by private water companies.
Private water companies say the bills would force their public counterparts to abide by the stricter regulatory standards that private companies face from utility commissions.