States and Congress wrestle with cybersecurity at water utilities

abcnews.go.com:

The hacking of a municipal water authority in a small Pennsylvania town is prompting new warnings from U.S. security officials as states and the federal government are wrestling with how to harden water utilities against hackers

HARRISBURG, Pa. — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack.

It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the new $18.5 million one it is building.

Then it — along with several other water utilities — was struck by what federal authorities say are Iranian-backed hackers targeting a piece of equipment specifically because it was Israeli-made.

“If you told me to list 10 things that would go wrong with our water authority, this would not be on the list,” said Matthew Mottes, the chairman of the authority that handles water and wastewater for about 22,000 people in the woodsy exurbs around a one-time steel town outside Pittsburgh.

The hacking of the Municipal Water Authority of Aliquippa is prompting new warnings from U.S. security officials at a time when states and the federal government are wrestling with how to harden water utilities against cyberattacks.

The danger, officials say, is hackers gaining control of automated equipment to shut down pumps that supply drinking water or contaminate drinking water by reprogramming automated chemical treatments. Besides Iran, other potentially hostile geopolitical rivals, including China, are viewed by U.S. officials as a threat.

A number of states have sought to step up scrutiny, although water authority advocates say the money and the expertise are what is really lacking for a