When hackers went after the Onslow Water and Sewer Authority last month, it was the second cyberattack on a North Carolina utility within a year. The hackers, who timed this attack for the aftermath of Hurricane Florence, caused “a catastrophic loss” by encrypting databases and locking out employees. Rather than pay a ransom to the hackers, the utility is rebuilding its information technology systems from scratch.
We need water for everything from cooking to manufacturing. Technological advances that make our water supply smarter — automating chemical treatment, for example, or enabling electronic billing — also make it more vulnerable to cyberattacks.
According to the Department of Homeland Security, more than 150,000 systems deliver clean water to Americans and dispose of wastewater. Drinking water is delivered by more than a million miles of pipes — four times the length of the national highway system. The New York City government controls America’s largest single-source water supply — a reservoir system supplying 1.2 billion gallons of water a day — and the city’s Department of Environmental Protection employs nearly 200 officers to protect the system.
Each water system is operated by its own industrial control system, which in most cases evolved over decades with a hodgepodge of functions and technologies layered on top of older infrastructure. For example, water can travel up to 125 miles within New York City’s system before it reaches a faucet. Along the way, it’s disinfected with chlorine and then slowed down to pass through 56 containers holding ultraviolet lights in quartz tubes. The water gets fluoride to protect teeth and phosphoric acid to protect the distribution pipes. Throughout the process, a centralized computer system gathers data and creates detailed projections.