The Water Sector Coordinating Council last week announced a new cybersecurity report focusing on water and wastewater utilities in the United States. The release of the report coincided with news that a threat actor in January attempted to poison the water at a facility in the U.S.
The Water Sector Coordinating Council describes itself as “a policy, strategy and coordination mechanism for the Water and Wastewater Sector in interactions with the government and other sectors on critical infrastructure security and resilience issues.”
The organization in April surveyed 606 individuals working at water and wastewater utilities in the U.S. to get a better understanding of the sector in terms of cybersecurity.
According to the report made public on June 17, 356 of respondents said they did not experience any IT security incident in the past year. Three respondents said they experienced 5 or more incidents and 83 reported 1-4 incidents in the last 12 months.
When it comes to cyber incidents involving operational technology (OT) systems, 410 respondents reported no incidents, 25 said they experienced 1-4 incidents, and one organization admitted suffering 5 or more incidents.
The same day the report was published, NBC News revealed that a hacker attempted to poison an unnamed water treatment plant that serves parts of the San Francisco Bay Area on January 15.
NBC obtained the information from a private report created by the Northern California Regional Intelligence Center in February. According to that report, the hacker used a former employee’s TeamViewer account to gain access to systems at the water facility and started deleting programs used for treating drinking water.
In February, law enforcement revealed that hackers had water sector security report released another water plant comes light
