When American Water, the largest water utility in the US, was hit by a cybersecurity attack Oct. 8, the company shut down its customer service portal affecting its customer billing functions.
According to Snyderville Basin Water Reclamation District Director Mike Luers, Homeland Security has identified the water and wastewater sector as one of 16 critical infrastructure sectors targeted for cyber security issues. And he said the district isn’t immune to them.
Luers said the water district gets attempted hits all the time.
“Fortunately, we've never been attacked to where they've been successful,” he said. “But it is not unusual for water and wastewater systems across America to be vulnerable and actually sustain damage from a cyberattack.”
He said the district spends a significant amount of time with the FBI and Homeland Security to ensure its system is secure.
“We do the best we can,” he said. “Fortunately, as I indicated, we've never been cyber hacked, or we've never had a successful attack where we had to shut anything down. But we see it coming into our system on a daily basis, and we just want the public to know that we are taking this issue very seriously, and we've put together cybersecurity plans.”
Luers said the hackers use what he calls “spear phishing.”
“That's where they will target a specific individual and target them with very sophisticated emails so that the person who's seen the emails thinks, ‘Hey, this email is from my mother and here's a picture of our last vacation.’ And the person will click on it and then that's all it takes,” he said.
Luers adds that district employees receive constant training to be aware of potential attacks.