More and more every month. Sometimes it is human error. Sometimes it is technical failure. Sometimes it is really old legacy systems failing to operate well in the modern world.
Sometimes, there are more sinister forces at work, however.
Unfortunately, due to the thousands (over 147,000 total) of small to medium water utlities in the US, there is a fractured response to emerging cyber threats. The ability to respond and detect cyber attacks sufficiently varies from basically non existant to robust response.
Additionally, an untold number of public and private water utilities in the United States purchased digital switches made by a company with questionable at best security practices. Digijaks Group was engaged several years ago to help uncover the real authors and origination of software that was written by a nominal US company, that was in fact something much more sinister. They were licensing their software solutions to actual US companies, and one of them decided to dig into the code a bit.
The nominal US company that was engaged by another company to write the software for the digital switches, was actually a Russian front company. Most of the people live in Moscow. Most of the business is not in the US. Somehow they went from making websites to sell furniture to making software for digital switches almost overnight. We did an entire report on the complex issues surfaced by this investigation. At this time we cannot publish it due to confidentiality reasons, and to ensure that other water utlities do not fall victim to similar tactics.
How many other companies like this one exist in water utilities? Renewables? Batteries? Oil? Gas? Agriculture? Pharma? Do you know who you are dealing with? What kinds of due diligence do you perform on companies whose software you purchase? Basic? None? Thorough deep dive? What exactly are the Russians up to?
Again, what other industries have been targeted and penetrated?