American Water Reconnects Infrastructure After Cybersecurity Incident
American Water, the largest regulated water and wastewater utility company in the United States, is in the process of reconnecting its infrastructure following a cybersecurity incident that forced the company to take its systems offline on October 7. This incident has raised significant concerns about the vulnerability of critical infrastructure, particularly in the realm of water treatment and distribution.
Overview of the Incident
On October 7, American Water reported a cybersecurity incident that led to the temporary shutdown of its systems. The company, which provides drinking water and sewer services to over 14 million people across 14 states and 18 military installations, acted swiftly to protect its operations. In an update issued on October 10, American Water assured its customers that there was no evidence to suggest that the cyber incident had any impact on its water or wastewater facilities.
Customer Impact and Service Resumption
Despite the disruption, American Water has taken steps to mitigate the impact on its customers. The company announced that customers would not incur any late fees during the period when its systems were unavailable. Furthermore, the customer portal, MyWater, has been restored to full functionality, allowing customers to access their accounts and billing information. Standard billing processes are set to resume, ensuring that the transition back to normal operations is as seamless as possible.
Security Measures and System Reactivation
The reactivation of American Water’s systems is being conducted in accordance with the company’s cyber incident response protocols. Both the internal security team and external cybersecurity experts have confirmed that the systems are secure before being brought back online. In a statement to the U.S. Securities and Exchange Commission (SEC), American Water emphasized its commitment to cybersecurity, stating, "American Water takes the cybersecurity of its systems and related data with utmost seriousness and has taken additional steps to strengthen the cybersecurity of its systems."
Broader Implications for Critical Infrastructure
This incident underscores the growing concerns surrounding the cybersecurity of critical infrastructure. As highlighted by Nick Creath, senior global product manager at Rockwell Automation, the attack serves as a stark reminder of the vulnerabilities faced by water treatment facilities and other essential services. "Operators must recognize that even newer facilities, with advanced technologies, are not immune to attacks," Creath stated. He emphasized the importance of integrating cybersecurity measures into both new and legacy systems to prevent service disruptions and mitigate potential consequences.
Conclusion
The cybersecurity incident at American Water is a wake-up call for utility companies and other critical infrastructure operators. As cyber threats continue to evolve, it is imperative that these organizations prioritize cybersecurity investments and strategies to safeguard their systems. The swift response by American Water, along with its commitment to enhancing security measures, reflects a proactive approach to protecting vital services that millions of people rely on daily. As the company works to fully restore its operations, the incident serves as a crucial reminder of the importance of resilience in the face of cyber threats.