Cyber threats in our water supply: What utilities need to know

May 2, 2025

Frederick Johnson, the cybersecurity practice lead at Stantec, offers critical insights into the cyber threats facing water utilities. He discusses recent attacks in Wichita and Arkansas City, emphasizing the vulnerabilities in the water sector. Johnson highlights the need for strategic preparedness and the dangers of complacency among utilities. He also shares the importance of cybersecurity training for staff and the essential role of risk assessments. Plus, he sheds light on potential regulatory changes aimed at enhancing cybersecurity in the industry.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Complacency Threatens Water Cybersecurity

Complacency is the greatest cybersecurity threat in the water industry due to lack of funded improvement projects.
Resource constraints and advancing attackers exacerbate vulnerabilities, alongside regulatory compliance gaps.

ANECDOTE

Fake Gift Card Email Test

A fake gift card email test showed even management could be easily fooled and share potentially harmful links.
Human nature leads to mistakes, highlighting the need for ongoing, effective cybersecurity training.

ADVICE

Conduct Robust On-site Security Testing

Conduct on-site assessments of both physical and online security to identify vulnerabilities.
Regular incident response testing is key to prepare for real cyberattacks effectively.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of Talking Under Water, Co-host Mandy Crispin speaks with Frederick Johnson, cybersecurity practice lead at Stantec. Johnson helps utilities, government agencies, and private sector clients prepare for technological challenges. The cyber-attack on Wichita, Kansas, was about a year ago, and the cybersecurity issue in Arkansas City, Kansas, was about six months ago. Considering these events, the interview sheds light on the greatest threats to cybersecurity right now, any potential changes in regulation, and how utilities can address cybersecurity.

Show Notes:  

Timestamps:  

Introduction | 0:00
The greatest threat to cybersecurity in the water sector | 1:16
Why water systems are targets for cyberthreats | 3:07
An example of a common cybersecurity attack tactic | 4:40
What to expect from an on-site cybersecurity risk assessment | 7:33
What lessons can be learned from notable water system cyberattacks? | 11:06
What percentage of utilities are prepared to address cyberattacks? | 13:07
An overview of introduced cybersecurity bills for U.S. water systems | 14:26
Housekeeping | 17:39

Resources:

About the Podcast  

Talking Under Water is the premier podcast for the water industry, including municipal water and wastewater, residential water treatment, storm water management and erosion control. It is produced in coordination between Wastewater Digest (WWD), WaterWorld and Storm Water Solutions (SWS). The podcast covers topics under the One Water movement including the municipal and industrial water and wastewater, residential, storm water and erosion control markets. Talking Under Water highlights news, trends, new technologies, industry discussions and interviews with experts across the municipal water industry. New episodes of the podcast are released every other week. Logo Images: Anatoly Tiplyashin / Romolo Tavani / stock.adobe.com.  

Contact the Talking Under Water podcast editors by emailing talkingunderwater@endeavorb2b.com engaging with them on Twitter @TUWpodcast. Join the conversation by commenting or using the hashtag #talkingunderwaterpod on social media. 