The Rising Tide of Cyber Threats: How Hackers Are Targeting Global Water Infrastructure

Executive Summary

Water infrastructure has emerged as one of the most vulnerable and strategically important targets in the global cybersecurity landscape. Recent data from Britain's Drinking Water Inspectorate reveals five cyberattacks on UK water suppliers since January 2024, marking a record number in any two-year period. This alarming trend is part of a broader international pattern where nation-state actors, ransomware groups, and hacktivists increasingly view water systems as high-value targets for disruption, espionage, and financial extortion. Despite this escalating threat, most attacks have not yet disrupted actual water supplies—though experts warn this is more a matter of luck than robust security.

The UK Water Sector Under Siege

Britain's drinking water watchdog has disclosed unprecedented insight into the cyber threats facing one of the nation's most critical infrastructure sectors. Between January 1, 2024, and October 20, 2025, the Drinking Water Inspectorate (DWI) received 15 security reports from water suppliers under the Network and Information Systems (NIS) Regulations. Of these, five involved cybersecurity incidents affecting what the DWI termed "out-of-NIS-scope systems"—infrastructure not directly involved in water treatment or distribution but still connected to organizational networks.

While none of these incidents disrupted the safe supply of drinking water, their occurrence highlights what British intelligence agencies identify as an escalating threat to critical national infrastructure. The fact that water companies voluntarily reported these incidents, despite not being legally required to do so under current regulations, suggests a growing awareness of the cyber risk landscape among utilities.

The Reporting Gap and Regulatory Evolution

Under current UK regulations, the NIS framework only mandates disclosure of cyber incidents that actually result in disruption to essential services. This creates a dangerous blind spot: sophisticated pre-positioning campaigns, like those conducted by Chinese state-sponsored group Volt Typhoon, would not trigger mandatory reporting requirements even if discovered.

Volt Typhoon represents one of the most significant strategic threats to water infrastructure globally. As detailed in comprehensive research on critical infrastructure attacks, U.S. intelligence agencies assess with high confidence that Volt Typhoon actors have been pre-positioning themselves on IT networks since at least 2021 to enable lateral movement to operational technology (OT) assets. FBI Director Christopher Wray described Volt Typhoon as "the defining threat of our generation," noting that the group has maintained access to some victim environments for at least five years.

British officials recognize this reporting gap and plan to address it through the much-delayed Cyber Security and Resilience Bill, expected to be introduced to Parliament later in 2025. A government spokesperson confirmed: "The cyber threats we face are sophisticated, relentless and costly. Our Cyber Security and Resilience Bill will be introduced to Parliament this year and is designed to strengthen our cyber defences—protecting the services the public rely on so they can go about their normal lives."

The Global Water Infrastructure Crisis

The UK incidents represent only a fraction of a worldwide surge in attacks targeting water systems. The scale of vulnerability is staggering: the United States alone operates approximately 152,000-170,000 public drinking water and wastewater systems, many using outdated technology with limited cybersecurity resources.

Record-Breaking Attack Volumes

The water sector experienced unprecedented cyber activity throughout 2024 and into 2025:

• American Water, the largest regulated water utility in the United States, suffered a major cyberattack in October 2024 that forced the shutdown of customer billing systems and affected operations serving more than 14 million people
• Southern Water in the UK reported a significant data breach in February 2024 that exposed personal and operational data of customers and employees
• Arkansas City Water Treatment Facility in Kansas experienced a cybersecurity incident that required switching to manual operations
• Synnovis, a critical pathology service provider in the UK, suffered a devastating Qilin ransomware attack that disrupted healthcare services
• Canadian utilities reported incidents where hacktivists successfully changed water pressure at local facilities, interfering with industrial control systems

According to the U.S. Environmental Protection Agency's enforcement alert issued in May 2024, more than 70% of water systems inspected failed to fully comply with Safe Drinking Water Act requirements. The EPA identified "alarming cybersecurity vulnerabilities" including:

• Default passwords that had never been updated
• Vulnerable single login setups without multi-factor authentication
• Former employees who retained systems access
• Inadequate network segmentation between IT and OT systems

The Threat Actor Landscape

Multiple adversary categories target water infrastructure, each with distinct motivations and capabilities.

Nation-State Actors

Chinese Groups lead in sophistication and strategic patience. Beyond Volt Typhoon, Chinese-nexus groups including Salt Typhoon, Linen Typhoon, and Violet Typhoon have conducted widespread campaigns targeting critical infrastructure. As documented in our analysis of China's cyber campaigns, these groups focus on pre-positioning for potential disruption rather than immediate espionage value.

CrowdStrike reported a 150% increase in observed China-nexus adversary activity in 2024-2025, with telecommunications, government, and critical infrastructure representing primary targets. The groups employ "living off the land" (LOTL) techniques—using legitimate administrative tools to blend into normal network activity and evade detection.

Iranian-Affiliated Groups have demonstrated both capability and willingness to disrupt water operations. The Islamic Revolutionary Guard Corps (IRGC)-affiliated group "CyberAv3ngers" (also known as Storm-0784 or Shahid Kaveh Group) has specifically targeted water infrastructure:

• November 2023: Defaced a water controller in Pennsylvania as part of cyber-enabled influence operations
• December 2023: Attacked a private group water scheme in County Mayo, Ireland, leaving residents without water for several days by compromising an internet-connected controller
• Multiple incidents targeting Unitronics programmable logic controllers (PLCs) used throughout the U.S. water sector

The U.S. federal government issued specific warnings about the exploitation of Unitronics PLCs, noting that these devices—commonly used in water and wastewater facilities—were being indiscriminately targeted because they were manufactured in Israel.

Russian-Linked Hacktivists continue to target water infrastructure, particularly in geopolitical context. The "People's Cyber Army of Russia" claimed credit for cyberattacks on the Tipton West Wastewater Treatment Plant in Indiana (April 2024) and a water facility in Muleshoe, Texas, near a U.S. Air Force base (January 2024).

Ransomware Groups

Ransomware operations increasingly view water utilities as attractive targets due to the critical nature of services and potential for substantial ransom payments. Key groups targeting or capable of targeting water infrastructure include:

Qilin Ransomware amassed over $50 million in ransom payments and specifically targets critical infrastructure. The group operates a sophisticated Ransomware-as-a-Service (RaaS) model and gained notoriety for the Synnovis attack that disrupted pathology services.

Akira Ransomware maintains consistent activity with a focus on critical infrastructure, construction, and manufacturing—sectors that often interact with or depend on water systems. The group's retro 1980s aesthetic belies its professional operation and proven track record.

Warlock Ransomware represents a disturbing evolution: attributed to China-based threat actor Storm-2603, it blurs the lines between state-sponsored espionage and financially motivated cybercrime. Warlock has successfully breached major telecommunications providers and demonstrated capabilities for attacking critical infrastructure through exploitation of the "ToolShell" SharePoint vulnerabilities.

Everest Ransomware recently struck Sweden's national power grid operator, Svenska kraftnät, demonstrating that even well-defended national critical infrastructure remains vulnerable.

Technical Vulnerabilities and Attack Vectors

Water infrastructure faces unique cybersecurity challenges stemming from legacy systems, limited budgets, and the intersection of IT and OT environments.

Programmable Logic Controllers (PLCs)

PLCs represent core technology components in industrial control systems and are a primary concern for critical infrastructure defenders. These devices control everything from pump operations to chemical dosing, yet often run on outdated firmware with minimal security protections.

The Unitronics PLC vulnerabilities exploited by Iranian groups exemplify the risk: these devices were internet-accessible with default credentials, allowing attackers to remotely manipulate water pressure, flow rates, and treatment processes. In the Ireland incident, attackers successfully compromised a controller maintaining water pressure, demonstrating that even small-scale attacks can have real-world consequences.

Network Segmentation Failures

Proper segmentation between business IT systems and operational technology (OT) systems is critical for limiting the impact of cyber intrusions. However, many water utilities have poorly segmented networks that allow attackers who compromise IT systems to pivot to OT environments.

The British National Cyber Security Centre specifically encourages critical infrastructure providers to ensure proper segmentation and released a new Cyber Assessments Framework in August 2024 to help organizations improve resilience. Don Smith, Vice President of Threat Research at Sophos, emphasized: "Commodity rather than targeted attacks remain the most likely threat to impact critical infrastructure providers. The messaging I pass to CISOs and the people managing risk in these organizations is to worry about defending from the everyday as opposed to defending from the exotic."

Supply Chain and Third-Party Risks

Supply chain vulnerabilities represent an increasingly significant attack vector. Water utilities often rely on multiple vendors for monitoring, maintenance, and operational technology management. Compromising a single managed service provider can provide access to dozens of utilities simultaneously.

The 2024-2025 period saw numerous high-profile supply chain attacks, including exploitation of Cleo managed file transfer vulnerabilities that compromised over 300 organizations globally. Similar attacks on platforms like Salesforce, exposed in the ShinyHunters breach affecting 2.5 billion Gmail users, demonstrate how third-party platforms can become vectors for massive data exposure.

Remote Access Vulnerabilities

VPN concentrators and remote access systems without multi-factor authentication (MFA) provide straightforward initial access for threat actors. The COVID-19 pandemic accelerated remote work adoption, including in operational technology environments, often without corresponding security improvements.

Volt Typhoon actors specifically exploit publicly available vulnerabilities in network appliances from Fortinet, Ivanti, Netgear, Citrix, and Cisco to gain initial access. Once inside, they conduct extensive reconnaissance, steal credentials, and establish persistence using LOTL techniques that allow them to operate undetected for years.

The U.S. Regulatory Struggle

The United States has faced unique challenges in improving water sector cybersecurity, with efforts repeatedly stalling due to industry opposition and political interference.

EPA Enforcement Efforts and Pushback

In March 2023, the Environmental Protection Agency interpreted existing legal requirements under the Safe Drinking Water Act to include mandatory cybersecurity assessments at drinking water systems. This initiative represented a significant step toward securing the nation's water infrastructure.

However, the EPA withdrew this requirement just seven months later after facing aggressive legal challenges from water industry groups that partnered with Republican lawmakers to halt federal oversight efforts. The water industry argued that cybersecurity mandates represented federal overreach and would impose excessive costs on utilities.

This occurred despite:

• Significant increases in ransomware attacks on water systems
• Growing evidence of state-sponsored intrusions
• A U.S. Government Accountability Office (GAO) report in August 2024 finding that EPA lacked a comprehensive national cybersecurity strategy for the water sector
• EPA's own assessment showing over 70% non-compliance with existing safety requirements

The CIRCIA Implementation

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), passed in 2022, aims to mandate that critical infrastructure entities report significant cyber incidents to CISA within 72 hours and ransomware payments within 24 hours. Final rules are expected in late 2025.

American Water's October 2024 breach highlighted the importance of transparent incident reporting. The utility disclosed the attack via an SEC 8-K filing, both fulfilling its legal obligations as a publicly traded company and providing public notification. This transparency, while legally mandated, stands in contrast to the voluntary and often delayed reporting that characterizes much of the water sector.

Federal Funding Challenges

The MS-ISAC (Multi-State Information Sharing and Analysis Center) detected and prevented more than 59,000 malware and ransomware attacks on local governments in 2024. However, federal funding cuts have forced the Center for Internet Security to temporarily self-fund these critical services at over $1 million per month.

The American Rescue Plan Act provided $6.5 billion for water infrastructure projects, and EPA partnerships with states have facilitated approximately $200 billion in water improvement projects. Yet infrastructure funding is rarely dedicated specifically to information technology and cybersecurity upgrades, leaving utilities to prioritize regulatory compliance for water quality over cyber defenses.

The Water Cybersecurity Enhancement Act of 2025

Recognizing the urgent need for action, bipartisan legislation has emerged to address water sector vulnerabilities. Senators Ruben Gallego and Tom Cotton introduced the Water Cybersecurity Enhancement Act of 2025, which aims to provide comprehensive support for water utilities.

Key Provisions

Direct Grant Funding: The legislation authorizes grants specifically for cybersecurity improvements at community water systems, particularly those serving populations of 3,300 or more already required to complete risk assessments under federal law.

Technical Assistance and Training: Recognizing that many utilities lack dedicated cybersecurity personnel, the Act provides funding for staff training, incident response planning, and access to cybersecurity expertise.

Democratizing Resources: The bill specifically targets smaller and rural utilities that have limited budgets and outdated infrastructure. These systems are disproportionately vulnerable due to lack of dedicated IT staff and insufficient security budgets.

Shift in Mindset: Beyond funding, the legislation promotes a fundamental change in how water utilities approach cybersecurity—moving from reactive to proactive defense and recognizing cyber risk as a core operational concern rather than an optional IT enhancement.

Senator Gallego stated: "Adversaries understand the importance of secure access to water and are trying to undermine water security. It is critical that we ensure our public water systems have the resources they need to prevent and respond to cyberattacks."

International Responses and Coordination

While the U.S. struggles with regulatory implementation, other nations have moved more decisively.

European Union Framework

The EU has established a comprehensive regulatory framework for critical infrastructure security:

NIS2 Directive (EU/2022/2555): Establishes measures for a high common level of cybersecurity across the Union, with specific provisions for essential services including water.

Critical Entities Resilience Directive (EU/2022/2557): Focuses on both physical and cyber resilience of critical infrastructure, requiring entities to conduct risk assessments and implement security measures.

EU Preparedness Union Strategy (March 2025): Aims to strengthen Europe's capability to prevent and respond to hybrid and cyber threats affecting critical infrastructure, including energy and water systems.

Five Eyes Collaboration

The Volt Typhoon advisories published by CISA, NSA, and FBI were co-signed by cybersecurity agencies in the United Kingdom, Australia, Canada, and New Zealand, demonstrating unprecedented intelligence-sharing among Five Eyes nations regarding threats to critical infrastructure.

This collaboration reflects recognition that water infrastructure security represents a shared challenge requiring coordinated international response. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, emphasized the need for clarity distinguishing cyber espionage from pre-positioning for attacks, stating: "We know it is not for espionage purposes, because when we look at the sectors like water sectors and civilian airport sectors, those have very little intelligence value."

Switzerland and Global Trends

Switzerland enacted a mandate requiring operators of critical infrastructure to report cyberattacks to national authorities, effective April 1, 2025. The country joins Australia, the EU, Japan, Singapore, South Korea, the UK, and the US in implementing similar reporting mandates.

This global trend toward mandatory reporting reflects growing recognition that voluntary disclosure is insufficient for understanding and responding to the threat landscape. As documented in our comprehensive analysis of 2025's cybersecurity landscape, attacks on energy, water, and transport sectors rose by 34% in 2025.

Lessons from Successful Attacks

While most cyberattacks on water infrastructure have not disrupted actual water supplies, several incidents provide critical lessons.

The Ireland Case Study

The December 2023 attack on a private group water scheme in County Mayo, Ireland, resulted in several days without water for residents in a remote area. Iranian-linked hackers indiscriminately targeted facilities using Unitronics equipment manufactured in Israel, successfully compromising an internet-connected controller that maintained water pressure.

Key Lessons:

• Internet-accessible OT devices without proper authentication represent critical vulnerabilities
• Even small-scale attacks can have significant real-world consequences
• Geographic targeting based on equipment origin demonstrates how geopolitical factors influence cyber operations
• Remote and rural areas may be particularly vulnerable due to limited technical expertise

The American Water Incident

American Water's October 2024 breach affected the largest regulated water utility in the United States, serving 14 million people across 14 states and 18 military installations. While operations and water quality remained unaffected, the attack forced shutdown of customer billing systems and service portals.

Key Lessons:

• The intersection of IT and OT systems creates cascading vulnerabilities
• Transparent incident disclosure, while challenging, maintains public trust
• Large utilities with significant resources still struggle with sophisticated attacks
• Billing and customer service systems, while not operational technology, remain high-value targets for attackers seeking to cause disruption and extract ransoms

The Canadian Pressure Manipulation

Recent incidents in Canada where hacktivists successfully changed water pressure at local utilities demonstrate that attacks directly affecting operational parameters are not merely theoretical threats but current realities.

Key Lessons:

• Direct OT manipulation is technically feasible and actively occurring
• Hacktivist groups, not just nation-states and ransomware operators, possess capabilities to interfere with industrial control systems
• Real-time monitoring and anomaly detection systems are essential for identifying unauthorized parameter changes
• Incident response plans must account for physical safety implications of cyber incidents

The Economic and Operational Challenge

Securing water infrastructure faces fundamental economic challenges that complicate technical solutions.

Budget Constraints

Many water utilities operate as regulated monopolies with limited discretionary budgets. Rate increases to fund cybersecurity improvements require regulatory approval and can face political resistance from ratepayers. As noted by cybersecurity expert David Moore: "The fundamental challenge here is economic. They can ask for rate hikes to fund it, but that can be politically challenging. It's often the case that the budget just isn't there."

Competing Priorities

Water systems must prioritize regulatory compliance for water quality and safety—requirements backed by stringent enforcement and potential legal liability. Cybersecurity, in contrast, has historically been voluntary or weakly enforced, creating an incentive structure that deprioritizes cyber investment.

EPA's finding that 70% of water systems fail to comply even with existing risk assessment requirements suggests that voluntary frameworks are insufficient. Mandatory requirements with enforcement mechanisms appear necessary to drive meaningful security improvements.

Skills Gap and Expertise

Small and medium-sized water utilities often lack dedicated IT staff, let alone cybersecurity specialists. The skills required to secure industrial control systems differ significantly from traditional IT security, requiring understanding of both OT protocols and cyber defense.

The Water Cybersecurity Enhancement Act's emphasis on training and technical assistance recognizes this skills gap as a fundamental barrier to improved security. Many utilities need external expertise to conduct vulnerability assessments, implement security controls, and develop incident response capabilities.

Legacy Systems and Long Lifecycles

Water infrastructure has extraordinarily long lifecycles—treatment plants and distribution systems may operate for 50-100 years. Control systems and monitoring equipment, while shorter-lived, still often remain in service for decades beyond their intended lifespan.

This creates a fundamental mismatch: cybersecurity threats evolve on timescales measured in months or weeks, while infrastructure replacement occurs on timescales measured in decades. Retrofitting legacy systems with security controls is technically challenging and expensive, yet wholesale replacement is economically infeasible.

Best Practices and Mitigation Strategies

Despite these challenges, proven strategies can significantly improve water infrastructure security.

Network Architecture

Segmentation: Properly isolating business IT networks from operational technology environments limits the ability of attackers who compromise IT systems to pivot to OT. This requires both physical and logical separation, with strictly controlled communication pathways between environments.

Zero Trust Architecture: Moving beyond perimeter-based security models to assume breach and verify all access attempts reduces the impact of compromised credentials. As detailed in emerging threat analysis, organizations are moving toward comprehensive Zero Trust architectures that assume breach and focus on limiting damage.

Network Visibility: Comprehensive monitoring of both IT and OT environments enables detection of anomalous behavior. Many utilities lack basic visibility into what devices exist on their networks and how they communicate, making threat detection nearly impossible.

Identity and Access Management

Multi-Factor Authentication: Implementing phishing-resistant MFA on all remote access systems and critical administrative accounts substantially reduces the effectiveness of credential theft.

Privileged Access Management: Strictly controlling administrative credentials, implementing just-in-time access, and monitoring privileged account activity helps detect and prevent lateral movement.

Regular Credential Rotation: Changing default credentials on all devices, implementing strong password policies, and regularly rotating credentials reduces the window of opportunity for attackers using stolen credentials.

Vulnerability Management

Patch Management: Prioritizing patches for internet-facing systems and known vulnerabilities frequently exploited by threat groups like Volt Typhoon reduces attack surface.

Asset Inventory: Maintaining comprehensive inventories of all IT and OT assets enables effective vulnerability management and ensures no systems are overlooked.

End-of-Life Planning: Developing strategies for replacing or isolating technology beyond manufacturer support prevents vulnerable legacy systems from becoming entry points.

Detection and Response

Logging and Monitoring: Ensuring comprehensive logging is enabled for applications, access, and security events, with logs stored in centralized systems protected from tampering.

Incident Response Planning: Developing, testing, and regularly updating incident response plans specific to water operations, including procedures for responding to both IT and OT incidents.

Tabletop Exercises: Conducting regular exercises simulating various attack scenarios, including ransomware, OT manipulation, and nation-state intrusions.

Commodity Threat Focus

Don Smith's advice bears repeating: "The much bigger risk is that we end up with a major piece of our CNI knocked offline because of a ransomware attack. I worry about people thinking about investing huge amounts in monitoring esoteric systems when they're actually not protecting themselves from the basics."

While nation-state threats like Volt Typhoon require attention, the most likely threat remains commodity ransomware and opportunistic attacks exploiting basic security failures. Organizations must ensure they have strong foundational security before investing in advanced threat detection.

The Path Forward

Securing water infrastructure requires sustained effort across multiple fronts: regulatory reform, increased funding, technical improvements, and cultural change.

Regulatory Evolution

The UK's Cyber Security and Resilience Bill and the U.S. implementation of CIRCIA represent important steps toward mandatory incident reporting and security standards. However, regulations must be:

• Specific enough to drive meaningful action while flexible enough to accommodate diverse utility sizes and capabilities
• Backed by enforcement to ensure compliance rather than remaining voluntary guidelines
• Funded adequately so that compliance costs don't force utilities to choose between safety and security

Public-Private Partnership

Effective water security requires collaboration between government agencies providing threat intelligence and technical assistance, utilities implementing security controls, and technology vendors building secure-by-design products.

CISA's continued provision of cybersecurity services to critical infrastructure, despite budget pressures, demonstrates the importance of federal support. Expanding programs like the Cyber Hygiene Services to systematically scan and assess water utility networks could identify vulnerabilities before attackers exploit them.

International Cooperation

Water infrastructure security represents a global challenge requiring continued intelligence sharing and coordinated responses. The Five Eyes collaboration on Volt Typhoon demonstrates the value of shared threat intelligence, but this model should expand to include more nations and cover additional threat actors.

Investment and Innovation

Securing water infrastructure ultimately requires sustained investment—in technology, people, and processes. This includes:

• Modernizing legacy systems with security-by-design principles
• Deploying advanced monitoring and detection capabilities
• Training and retaining cybersecurity talent
• Conducting regular security assessments and penetration testing

The Water Cybersecurity Enhancement Act represents an important funding mechanism, but sustained investment will require creative approaches to utility financing and potentially new models for cybersecurity service delivery.

Conclusion

The five cyberattacks on British water suppliers since January 2024 exemplify a global trend that shows no signs of abating. Water infrastructure sits at the intersection of multiple threat vectors: nation-states seeking pre-positioned access for potential future conflict, ransomware groups targeting critical services for financial gain, and hacktivists demonstrating capabilities to manipulate operational parameters.

As documented throughout our ongoing coverage of critical infrastructure attacks, the threat landscape continues to intensify. Weekly cyberattacks per organization increased 47% year-over-year in Q1 2025, with ransomware incidents surging 126%. Critical infrastructure—including water systems—remains a primary target.

Yet there is reason for cautious optimism. The voluntary reporting of incidents by UK water suppliers, the bipartisan support for the Water Cybersecurity Enhancement Act, international coordination exemplified by Five Eyes intelligence sharing, and growing recognition of cyber risk at board and executive levels all suggest increasing awareness and commitment to action.

The challenge is urgent but not insurmountable. By implementing proven security practices, modernizing vulnerable systems, investing in people and technology, and creating regulatory frameworks that mandate and fund security improvements, the water sector can transform from one of the most vulnerable critical infrastructure sectors to a model of resilience.

The alternative—waiting until a major attack disrupts water supplies to tens of millions of people—is simply unacceptable. As FBI Director Christopher Wray warned regarding Volt Typhoon, this threat defines our generation. The time for action is now, before pre-positioned access becomes activated disruption and the theoretical becomes catastrophically real.

Related Reading:

• Briefing on the 2025 Cybersecurity Landscape: Key Threats, Trends, and Incidents
• The 10 Most Recent and Significant Cyber Attacks and Data Breaches Worldwide (Q1 2025)
• Warlock Ransomware: The Critical Infrastructure Threat Redefining Global Cybersecurity in 2025
• Svenska Kraftnät Breach: Everest Ransomware Strikes Sweden's Critical Power Infrastructure
• Major Cyber Attacks 2025: A Comprehensive Analysis of the Year's Most Devastating Data Breaches and Ransomware Incidents
• Ransomware Onslaught: Multiple Groups Post Fresh Victims on October 3, 2025
• The Cyber Siege: How Ransomware is Crippling America's Cities and Towns
• Summer of Siege: A Deep Dive into the Breaches, Attacks, and Ransomware of 2025

Sources:

• Recorded Future News: "Hackers are attacking Britain's drinking water suppliers"
• U.S. Government Accountability Office (GAO): "Critical Infrastructure Protection: EPA Urgently Needs a Strategy to Address Cybersecurity Risks to Water and Wastewater Systems"
• CISA: "PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure"
• EPA: "Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities"
• Smart Water Magazine: "Water sector cybersecurity in 2024: high stakes and urgent responses"
• StateScoop: "'Critical' cyber vulnerabilities found in many water utilities, warns EPA inspector general"
• IBM: "Cyberattack on American Water: A warning to critical infrastructure"