American Water Works, the largest regulated water provider in the United States, recently suffered a cyberattack that forced the company to shut down its MyWater app and pause billing services. With a reach spanning over 14 million people across 24 states, American Water supplies essential water and wastewater services to residential, commercial, and industrial clients, as well as military bases.

While the company reported that no water or wastewater operations were affected, the attack highlights the vulnerabilities inherent in the water sector’s reliance on aging infrastructure and digital systems.

In 2022, other water companies were breached by an Iranian hacking group, CyberAv3ngers, who exploited Unitronics programmable logic controllers (PLCs) left unpatched with their default passwords. This allowed the group to infiltrate systems in the U.S. and Israel, exposing critical infrastructure to potential disruption. The fact that these PLCs remained vulnerable, even when used in such crucial systems, is a stark reminder of the need for thorough testing and security assessments.

Organizations like Asteros specialize in identifying and mitigating such vulnerabilities through a comprehensive suite of cybersecurity services, including web application and network penetration testing. Asteros has worked with numerous clients in sectors where security can no longer be an afterthought, from educational institutions to utilities, uncovering weaknesses that could lead to operational breakdowns or breaches.

Recent assessments conducted by Asteros revealed similar vulnerabilities in emergency management systems—vulnerabilities that, if exploited, could have disrupted the a county’s ability to respond to emergencies effectively.

The American Water attack serves as a wake-up call for organizations responsible for managing critical infrastructure. The consequences of service disruptions, whether from cyberattacks or internal failures, extend beyond financial losses. For water utilities, disruptions can impact public health and safety, potentially leading to contamination risks, supply shortages, or disruptions to emergency services that rely on consistent water pressure.

As digital transformation accelerates across sectors, Asteros continues to stress the importance of proactively testing and securing these systems. Whether it’s identifying weak points in web applications or hardening legacy infrastructure, the key to protecting public safety and maintaining trust lies in a proactive, well-planned approach to cybersecurity.