This article has been reviewed according to Science X's editorial process and policies. Editors have highlighted the following attributes while ensuring the content's credibility:


reputable news agency


Cybersecurity agency warns that water utilities are vulnerable to hackers after Pennsylvania attack

Credit: CC0 Public Domain

Hackers are targeting industrial control systems widely used by water and sewage-treatment utilities, potentially threatening water supplies, the top U.S. cyberdefense agency said after a Pennsylvania water authority was hacked.

The U.S. Cybersecurity and Infrastructure Security Agency issued the warning Tuesday evening, three days after hacktivists shut down a piece of equipment at the Municipal Water Authority of Aliquippa, Pennsylvania, just outside Pittsburgh. The hack effectively idled pumping equipment in a remote station that regulates for customers in two nearby towns. Crews switched to manual backup, officials said.

The attackers likely accessed the device by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet, U.S. officials said. The Aliquippa water authority did not respond to messages Wednesday.

The equipment identified as vulnerable is used across multiple industries, including electric utilities and oil and gas producers. It regulates processes including pressure, temperature and fluid flow, according to the manufacturer.

While there is no known risk to the Pennsylvania towns' drinking water or water supply, the cyberdefense agency urged water and wastewater utilities across the United States to take steps to protect their facilities.

The equipment at issue is made by Israel-based Unitronics, which did not immediately respond to queries about what other facilities may have been hacked or could be vulnerable. According to Unitronics' website, the controllers at issue are built for a wide spectrum of industries.

The Biden administration has been trying to shore up cybersecurity in U.S. —more than 80% of which is privately owned—and has imposed regulations on sectors including , gas pipelines and nuclear facilities.

But many experts complain that too many vital industries are permitted to self-regulate and want software providers to also assume a higher burden for safety.

© 2023 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.

Citation: Cybersecurity agency warns that water utilities are vulnerable to hackers after Pennsylvania attack (2023, November 30) retrieved 26 February 2024 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

EPA mandates states report on cyber threats to water systems


Feedback to editors