%202.svg)
American Water Works
Unknown Ransomware
Energy
Billing systems shutdown for one week, no OT systems affected
Via phishing, unpatched systems, or supply-chain compromise leading to ransomware installation
Weak Credential
Network Cloaking, Passwordless Access, and Segmentation
American Water, a large US water and wastewater utility, suffered a cybersecurity incident that forced it to disconnect key systems, including its customer billing platform.
Although the company confirmed that OT operations and water quality were unaffected, the forced shutdown of the billing system and customer portal highlights the operational risk stemming from vulnerabilities in the IT domain, which forces a strategic disconnect to prevent lateral spread into OT.
The incident confirms that, although water OT systems may be physically separate, the IT risk still necessitates a strategic shutdown of interconnected systems. BlastWave guarantees that the IT billing system is logically separate from the OT SCADA network via Network Cloaking and Microsegmentation.
The vulnerability in the billing platform cannot be used to move laterally or discover the OT network, ensuring the utility’s operational water quality and distribution systems maintain 100% availability during the IT incident response and recovery phase.
Reading about past failures is only useful if it changes future outcomes. If attackers can see your OT network, they can target it. If they can target it, compliance, safety, and uptime are already at risk.
BlastWave eliminates reconnaissance, initial access, and lateral movement — without agents, without downtime, and without changing IPs, protocols, or PLCs.