Bill Roth

Things I have no choice but to write

Tag: Cyberattacks

SCADA Systenm

Largest US Water Utility Hacked: American Water

October 18, 2024 / / 0 Comments

(Full List of Water System Cybersecurity Stories | Cybersecurity and Valley Water)

It has happened again. Another water utility has been hacked. A number of sources (CNBC, CBS, CNN) have reported that the nation’s largest water utility, American Water has been hacked. American Water manages more than 500 water and wastewater systems in about 1,700 communities across at least 14 states, including California.

American Water has announced it is back online. Further, American Water says it has no indication that its water and wastewater facilities were impacted by this incident. It also says that water quality was not affected.

The attack was first reported in an 8K filing with the SEC on October 3rd. American Water appeared to recover by October 10th, according to a statement released by the company.

The attack appeared to cause network outages, rendering both American Water’s billing portal, MyWater, and its internal phone network inoperative, according to cyberSecurity publication Dark Reading.

This is by no means the first attack on a water system this year. As has been written about on this site, there have been attacks in Texas, Hawaii, Kansas, and Pennsylvania. Moreover, there have been new cybersecurity guidelines issued for water systems by DHS, and more security called for by the EPA.

Valley Water needs a Director who understands the nature of the cybersecurity threat. Bill Roth is that candidate who brings years of experience in both technology and cybersecurity, and can ask the right questions to ensure our water systems remain safe.

For more information, check out Fast Facts about Bill Roth.

Kansas Water Facility Suffers Ransomware Attack

October 7, 2024 / / 1 Comment

The Threat Continues…

PC Magazine is reporting that a Kansas City Water utility has been the victim of a ransomware attack. The water treatment facility in Arkansas City, Kansas, came under attack and had to resort to “manual operations.”

Ransomware is a type of malicious software that encrypts a victim’s data, rendering it inaccessible. Cyber-criminals, often from Russia and North Korea, then demand a ransom, typically in cryptocurrency, to restore access. These attacks target individuals, businesses, and government agencies, often crippling operations. Victims face tough decisions: pay the ransom with no guarantee of data recovery or risk permanent data loss. Ransomware has become an increasingly common.

Why is this serious? Consider what would happen during a storm where Lexington Dam could not open its floodgates in time, causing the dam to be over-topped. This would cause serious damage to the dam and to the towns in the path of the flood, like Los Gatos, Campbell, and San José.

Topics related to cyber-security have only shown up in the agenda and minutes of Santa Clara Valley Water Board of Directors twice in the last 5 years. More needs to be done. The water agency for Silicon Valley needs a board member who understands the threat, and can advocate for the resources to deal with it.

Bill Roth is that candidate. For more information check out more articles on cybersecurity.

To keep up to date on the campaign, subscribe below.

Image of hacker engaged in cyberattack

The Threat is Real: Another Water Hack

April 25, 2024 / / 1 Comment

The threat is real. Small Texas towns have had their water system hacked by a Russian Hacking group. You can find a cluster of news stories here.

In short, a series of cyberattacks targeted small towns in rural Texas, with one incident causing the water system to overflow. The attacks, attributed to a Russian hacktivist group called CyberArmyofRussia_Reborn, aimed at public utilities, raising concerns about the vulnerability of U.S. water systems. I have written about this previously related to hacks in Pennsylvania, and Hawaii.

In Hale Center and Muleshoe, attempts to breach the water systems were thwarted by manual intervention after the cities detected suspicious activity. Similar attacks in Lockney were also prevented. While the incidents didn’t pose immediate dangers, they underscored the need for improved cybersecurity measures in critical infrastructure. The FBI and Department of Homeland Security were notified but declined to comment on ongoing investigations. Both the FBI and DHS issued a warning about potential attacks in March.

Previous attacks on U.S. water facilities, including those attributed to Iranian state groups, prompted calls for stronger cybersecurity measures from government officials. The Environmental Protection Agency urged governors to assess cybersecurity risks and plan for potential cyberattacks on water supplies.

Valley Water needs to have a comprehensive cybersecurity policy. Moreover, it needs someone on the board of directors who understands the issues and the seriousness of the threat. Bill Roth is the candidate the board needs.

light lights water blue
Photo by Marek Piwnicki on Pexels.com

CNN: Officials Warn of Cyberattacks on Water

March 21, 2024 / / 0 Comments

(Updated March 24)

CNN reported on March 19th about Biden administration officials highlighting concerns over cyberattacks targeting our nation’s critical water infrastructure. As I’ve discussed previously, reflecting on incidents in Hawaii and Pennsylvania, the threat to our water systems is both real and escalating.

The White House and EPA are now urging governors to bolster cybersecurity measures for water and wastewater systems. This comes amid revelations that many facilities lack fundamental protections against cyber threats, with recent breaches by state-sponsored hackers underscoring the urgency.

In response, a task force has been initiated to pinpoint and address vulnerabilities. However, despite these efforts, challenges remain, particularly with the implementation of regulatory protections.

The Santa Clara Valley Water District deserves a board member who not only recognizes the gravity of these cyber threats but is also prepared to take decisive action. I am confident in my ability to contribute effectively to our Board of Directors, ensuring our community’s water security against these evolving cyber risks. Do you have cybersecurity questions, comments or concerns? Contact me here.

Update 1: March 24th

Newsweek also has a story on this announcement as well. Newsweek covers Iranian cyberattacks in more detail then CNN, and does not mention China. It also mentions the Aliquippa cyberattack, but makes no mention of the recent attach in Hawaii.

Like My Work? Buy me a coffee.

Buy Me a Coffee

© 2025 Bill Roth

Theme by Anders NorenUp ↑