California Water and Wastewater System

The California Water and Wastewater System is a critical infrastructure utility responsible for the treatment and distribution of potable water and the management of wastewater within its operational jurisdiction in California, United States. Its core mission involves the continuous and safe delivery of these essential public services, which are fundamental to community health, environmental protection, and economic activity. The organization's operations are deeply intertwined with industrial control systems, including specialized devices and networks that manage physical processes like water treatment, chemical dosing, and distribution flow. This operational technology environment is a defining characteristic of its service delivery model, distinguishing it from purely administrative or IT-focused entities. The system's work is inherently tied to public safety and physical environmental outcomes, as any disruption can directly impact water quality and availability for the populations it serves.

The organization's technological footprint and associated risks were starkly highlighted by a documented cyber incident in August 2021. This event involved sophisticated threat actors who compromised both its information technology and operational technology networks through methods such as spearphishing, exploitation of outdated infrastructure, and insecure remote access. The attackers deployed ransomware and leveraged insider threats, specifically targeting vulnerabilities in control system devices and capitalizing on insufficient network segmentation between IT and OT environments. This incident underscores the system's reliance on legacy industrial equipment and the critical challenge of securing a converged network where a breach in administrative systems can directly threaten physical operational continuity and safety protocols. The potential for service interruptions and unauthorized manipulation of water treatment processes revealed systemic vulnerabilities common to many aging but essential physical infrastructure providers. The sector's position as a high-value target for disruptive attacks stems from its role in maintaining public welfare and the often-underprotected nature of its legacy control systems. This context defines the organization's operational reality: a provider of indispensable services operating within a complex and evolving threat landscape where cybersecurity is a direct component of public health and safety resilience.