There have already been some reported attacks. In October 2024, American Water was hit by a cyber-attack that meant that the company could no longer bill customers and in 2024 a Texan water company suffered a cyber-attack, The US is not the only country to be so hit: Norway and Poland have reported similar attacks.
The pilot program, sponsored by Microsoft, identified four factors that would improve security. First, companies should be wary of free tools, which are often inadequate. Second, utilities should expand hands-on technical assistance to support implementation. The next issue that companies should address is the need to include cybersecurity training in operator licensing. Finally, companies should develop their links water sector associations to help improve cybersecurity operations.
The report of the program concludes that to avoid future cybersecurity incidents, utilities should shift from information distribution to capacity building, ensuring that a resilient infrastructure is in place.
