Cybercriminals increasingly are attacking water systems, targeting metering, billing, and payment processing, according to a CNBC report.
Hackers have used phishing, social engineering or systems still running on default passwords to launch their attacks, CNBC said. The Environmental Protection Agency issued a report saying many water systems have alarming cybersecurity vulnerabilities, making them easier to access and hack.
A water system in Wichita, Kansas, recently was hacked, and Russians hacked a water filtration plant in a Texas town near a U.S. Air Force Base, causing a tank to overflow, CNBC said.
While no hack has shut off water to a population, it remains a chief concern, Stuart Madnick, an MIT professor of engineering systems and co-founder of Cybersecurity at MIT Sloan, told CNBC.
"We have demonstrated in our lab how operations, such as a water plant, could be shut down not just for hours or days, but for weeks. It is definitely technically possible," Madnick said to CNBC.
Madnick told CNBC said he does not think the federal government could react quick enough to such an event.
"It has not happened yet, and serious action to prevent 'likely' will not happen, until after it has happened," Madnick said.
Water utilities need to improve password strength, reduce exposure to public focus internet, and increase cybersecurity awareness training, a spokesman for the EPA told CNBC.
The EPA said attacks have been preventable.
"Systems were victimized by destructive and costly cyberattacks because they failed to adopt basic cyber resiliency practices," the EPA spokesman said to CNBC. "All drinking water and wastewater systems are at risk — large and small, urban and rural."
Sam Barron ✉
Sam Barron has almost two decades of experience covering a wide range of topics including politics, crime and business.
© 2025 Newsmax. All rights reserved.