A cyberattack has forced one of the US’ largest publicly traded water and wastewater utility firms, American Water, to shut down some IT systems.
In a filing with the US SEC, the affected firm has already contacted a third-party security provider to assist it in addressing the incident, containing it, and assessing its overall impact.
In addition, the agency stated that it already notified the relevant law enforcement agencies regarding the incident. As of now, they are working together to conduct a joint and ongoing investigation.
Another filing to the 8-K regulatory board revealed that the company had secured its systems and data. Some of their initial safety measures include disconnection or deactivating specific systems to isolate the attack.
The attack also forced American Water to lock down its public-facing website.
A separate statement on the American Water website revealed that the cyberattack forced the firm to lock down its online customer interface, MyWater, suspending its billing processes. However, a company spokesperson insisted there would be no late customer charges if the company’s systems were still unavailable.
The company also believes this event did not harm its water systems, wastewater facilities or activities. American Water employs over 6,500 people and provides water and wastewater services to more than 14 million individuals across 14 states and 18 military locations.
However, this incident is not an isolated case as it follows a similar one at the Arkansas City, Kansas, water treatment facility, which was forced to resort to manual operations following a cyberattack.
These issues follow a TLP:AMBER notice issued by the Water Information Sharing and Analysis Center (WaterISAC). The agency is a nonprofit organisation that assists water utilities in protecting themselves from cyber threats. The reports claimed that the attack was conducted by Russian-linked hackers targeting the water sector.
These attacks on this critical sector are gaining traction worldwide. Therefore, this sector, especially water-provider organisations, should improve its cybersecurity defences to avoid being victims of cybercriminal campaigns.