HARRISBURG, Pa. (NEWSnet/AP) — Aliquippa Water Authority in western Pennsylvania is an unlikely victim of an international cyberattack.

It had not required help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the new $18.5 million facility it is constructing.

Then it was struck by what federal authorities say are Iranian-backed hackers targeting equipment specifically because it was manufactured in Israel.

“If you told me to list 10 things that would go wrong with our water authority, this would not be on the list,” said Matthew Mottes, chairman of the authority.

The unit handles water and wastewater for about 22,000 people in the town near Pittsburgh.

The danger, security officials say, is hackers gaining control of automated equipment for shutdown of pumps that supply drinking water or contaminate drinking water by reprogramming automated chemical treatment.

Iranian hackers interrupted a remotely controlled device that monitors and regulates water pressure at a pumping station. Customers weren't affected because crews alerted by an alarm switched to manual operation. But not every water authority has a built-in manual backup system.

Several states have passed legislation to increase scrutiny of cybersecurity. Indiana and Missouri passed such laws. A 2021 California law commissioned state security agencies to develop outreach and funding plans to improve cybersecurity in agriculture and water sectors.

Legislation died in several states, including Maryland and Pennsylvania.

Private water companies say such bills orce  public counterparts to follow stricter regulatory standards that private companies face from utility commissions and, as a result, boost public confidence in the safety of tap water.

“It’s protecting the nation’s tap water,” said Jennifer Kocher, a spokesperson for National Association of Water Companies. “It is the most economical choice for most families, but it also has a lack of confidence from a lot of people who think they can drink it and every time there’s one of these issues it undercuts the confidence in water and it undercuts people's willingness and trust in drinking it.”

Opponents said the legislation is designed to foist burdensome costs onto public authorities and encourage their boards and ratepayers to sell out to private companies that can persuade state utility commissions to raise rates to cover the costs.

“This is a privatization bill,” Justin Fiore of the Maryland Municipal League told Maryland lawmakers during a hearing last spring. “They’re seeking to take public water companies, privatize them by expanding the burden, cutting out public funding.”

For many authorities, the demands of cybersecurity tend to fade into the background of more pressing needs for residents wary of rate increases: aging pipes and increasing cost to comply with clean-water regulations.

In March 2023,U.S. Environmental Protection Agency proposed a rule to require states to audit the cybersecurity of water systems. It was short-lived. Three states — Arkansas, Missouri and Iowa — sued, accusing the agency of overstepping its authority and a federal appeals court promptly suspended the rule. EPA withdrew the rule in October.

Copyright 2024 NEWSnet and The Associated Press. All rights reserved.