Water Supply Hacks Are a Serious Threat—and Only Getting Worse

Water Supply Hacks Are a Serious Threat—and Only Getting Worse

In January 2019, Wyatt Travnichek left his job at the Post Rock Rural Water District, whose 1,800 miles of water-main pipe supply customers across eight counties in the dead center of Kansas. Two months later, prosecutors say, he logged back in to the facility’s computer system and proceeded to tamper with the processes it uses to clean and disinfect the drinking water.


When it comes to critical infrastructure security, the power grid attracts most of the public's attention—and understandably so. Threats to the power grid are real and scary; just ask anyone in Ukraine, which has experienced multiple large-scale blackouts effected by Russia’s Sandworm hackers. But the Post Rock incident, revealed in an indictment on Wednesday, is a sharp reminder that the water supply system presents just as devastating a target. 


The indictment comes just two months after a still unknown hacker attempted to poison the water supply of Oldsmar, Florida, and it marks the third publicly disclosed attack on a water system that posed a direct risk to the health of a utility's customers. (In 2016, Verizon Security Solutions found that hackers had successfully changed the chemical levels at an unnamed utility.) Cyberattacks that could cause physical harm remain vanishingly rare, but the nation's water systems are an increasingly popular target. And experts say these systems largely aren't equipped to handle the threats.

“Everybody thinks about people taking down power to areas, because it’s something you're familiar with. Everyone’s been through a pow ..