Why don't utilities get hacked - or why we don't hear of utilities getting hacked?

I couldn’t believe this when I first read it, but water companies (and maybe other utilities) don’t have to notify anyone when they’ve been hacked. Huh?

1 Like

This is an automatically-generated Wiki post for this new topic. Any member can edit this post and use it as a summary of the topic’s highlights.

They do get hacked. Read about the Russian hack of the Ukraine power grid over the Christmas holidays about five or six years ago.

China’s pay off of Hunter Biden is really paying off also. Buried in one of Josef Biden’s executive orders is one rescinding the Trump administration’s ban on use of power grid components from China, Russia, and other US enemies. What could possibly go wrong?



These scary events have been happening for two decades but it seems that every time it happens the powers that be say it’s a “wake up call”:

  • In 2015 DHS Secretary Jeh Johnson calls OPM breach a “wake-up call”
  • In 2012 General Alexander, Director of the National Security Agency, calls the hacker attack on Saudi ARAMCO a “wake-up call”
  • In 2010 Michael M. DuBose, chief of the Justice Department’s Computer Crime and Intellectual Property Section, called successful breaches such as Aurora “a wake-up call”
  • In 2008 Deputy Secretary of Defense William Lynn called the BUCKSHOT YANKEE incident “an important wake-up call.”
  • In 2003 Mike Rothery, Director of Critical Infrastructure Policy in the Attorney-General’s Department of the (Australian) Federal Government called a hack into a wastewater treatment plant “a wake-up call.”
  • In 2000 Attorney General Janet Reno called a series of denial of service attacks against various companies a “wake-up call.”
  • In 1998 Deputy Secretary of Defense John Hamre called the SOLAR SUNRISE incident “a wake-up call.”
  • In 1989 IT executive Thomas Nolle wrote in Computer Week that poor LAN security was a “wake-up call.”



I know it’s been happening. What astounded me is that water utilities, and possibly other utilities, don’t have to notify anyone when they’ve been hacked.

1 Like

Just wait until they start hacking banks and financial institutions.

And trust me: it’s coming.

Federal lawmakers have started to take note.

Last fall, Congress passed the America’s Water Infrastructure Act of 2018, sponsored by Sen. Amy Klobuchar (D-Minn.) and signed into law by President Trump on Oct. 23.

Any water utility serving 3,300 or more people is now expected to carry out a “risk and resilience” assessment of its networks, including a review of cyber defenses. The nation’s biggest water providers have until next March to comply, while smaller companies can wait to act until June 2021.

EPA is now the go-to agency for water cybersecurity. It’s tasked with issuing guidance to utilities on implementation of the new law and following up on compliance. “EPA is very aware that cyberattacks are a significant threat to critical infrastructure sectors, including water and wastewater systems,” an EPA spokesperson said in an email. “EPA works through a voluntary partnership approach to help water utilities enhance the cybersecurity of their water systems.”

Good luck with the voluntary approach. This law was passed during the Trump administration. The Biden administration EPA will undoubtedly spend all their time fighting real threats like global warning

1 Like

climate change brings utilities and infrastructure to their knees very easily… see TX today…

It’s partly security by obscurity. You don’t want to give people ideas such as [redacted] or [redacted].

There is very little “hacking” vulnerability currently as most control systems are all air-gapped. But there’s tons of low-tech vulnerability, whether that be from foreign bad-actors or hillbillies using infrastructure as target practice. Part of the reason you don’t hear about these incidents is because then it would give fellow MAGA-ers the idea to carry out more of the same low-tech attacks.

The utilities should not be privatized like they are. That’s why there’s so little progress on modernizing things. It’s not profitable to do so. Instead of preventative protections, they just milk out a stream of privatized profits and then when disaster strikes the massive losses are all absorbed by the public through massive bailouts because the alternative is allowing the “utilities” to fail which is obviously also rarely acceptable.

It’s interesting though how “IOT” is simultaneously opening up new attack vectors while also finally providing more monitoring ability and preventative insight.

Extreme weather events happened long before the industrial revolution. And they will happen even if the climate crazies shutdown the world economy.


I’m constantly amazed at the extent some believe they are in control of what’s happening around them.

Oy vey iz mir!

You have attacked electric infrastructure?

And yet he criticizes anyone who refers to a virus that indisputably originated in China as the “Chinese virus”.

Sets don’t work that way. All maga hat wearers aren’t terrorists. That statement doesn’t follow from most domestic terrorists being maga hat wearers.
Making the second observation does NOT imply the first statement.
(Although, the number of ignorant/ innocent remaining “MAGAers” has shrunken significantly after the armed insurrection…)

I may or may not have worked at a company who had exposed control network ethernet ports in the field. Granted, it was probably just a solar field in the middle of nowhereville, Texas, but still… easy to get in through the chain-link parameter and bring a laptop to an inverter and unplug its ethernet cable, which was then media converted to the fiber ring, which was terminated in the substation building at the main SCADA switch.

All hypothetical though.


No. My comment, in case it went over your head, was about the fact that you can’t seem to have a thought without thinking of the former President or any of the people who supported him - both upstanding, ne’er do wells, and bad actors. You paint them all with the broad brush of negativity.

I find that to be less.

near a weather radar center, I bet. :smile: