CAMDEN, N.J. (AP) 鈥 A cyberattack continues to affect the largest regulated water and wastewater utility company in the United States, renewing a focus on the importance of protecting critical infrastructure sites.
New Jersey-based American Water paused billing to customers as it on Monday. It said it became aware of the unauthorized activity on Thursday and immediately took protective steps, including shutting down certain systems. Water services have been unaffected as protections remained in place Wednesday.
The company 鈥 which provides to more than 14 million people in 14 states and on 18 military installations 鈥 said it does not believe its facilities or operations were impacted by the attack, although staffers were working 鈥渁round the clock鈥 to investigate its nature and scope.
The attack against American Water appears to be an 鈥淚T focused attack鈥 more than an operational one, according to Jack Danahy, vice president of strategy and innovation at Colchester, Vt.-based NuHarbor Security in Vermont.
鈥淧eople haven鈥檛 traditionally thought of pieces of infrastructure, such as water and wastewater service as being prone to threats, but incidents like this shows how quickly problems could occur,鈥 Danahy said. 鈥淎s billing and other services have become more accessible to customers in recent years, they're now exposed to more types of risks and concerns that were not previously there.鈥
The U.S. Cybersecurity and Infrastructure Security Agency and urged water systems to take immediate actions this year to protect the nation鈥檚 drinking water. About 70% of utilities inspected by federal officials recently violated standards meant to prevent breaches or other intrusions, the EPA said.