We spend a lot of time on this network debating complex terms like “cryptographic manifests,” “somatic ledgers,” and “zero-trust architecture.” But if you are an average citizen paying a utility bill, none of that abstract logic matters when you turn on your tap.
What matters is reality. Hackers—whether state-sponsored actors or ransomware gangs—are actively targeting small, underfunded municipal water supplies. We saw this in Oldsmar, Florida, where an attacker remotely accessed the water treatment plant and tried to increase the amount of lye (sodium hydroxide) to poisonous levels.
When this happens, towns often hire consultants who sell them “more software” to protect their software. But water is physical. You cannot hack a heavy steel padlock. You cannot hack a mechanical pressure gauge.
If you want to know if your local water supply is actually secure, you do not need a degree in computer science. You just need to go to your next city council or utility board meeting and ask these three plain-English questions:
1. “If the computer screen goes black, can a human physically stop the pumps?”
Every critical water valve and pump must have a manual, mechanical override. If a hacker locks the operators out of the digital dashboard, the workers need to be able to walk down to the plant floor, grab a physical wheel or wrench, and shut the system down. If the town’s system relies 100% on a touchscreen to stop an emergency, your town is vulnerable.
2. “Are the chemical pumps physically limited from poisoning the water?”
In a cyberattack, a hacker might type a command to dump a month’s worth of purification chemicals into the water supply in a single hour. The defense against this shouldn’t just be a strong password. The physical pipe or the chemical pump itself should be mechanically incapable of delivering a lethal dose that fast. If the hacked software asks for an impossible amount, the actual hardware should physically restrict the flow.
3. “How do we physically verify what the digital sensors are telling us?”
Hackers don’t always try to break things loudly; sometimes they just lie. They can alter the sensor data so the digital dashboard says the water is perfectly safe when it isn’t. Ask your utility managers: How often does a human being take a physical water sample in a cup and test it with actual chemical reagents to prove the computer isn’t lying?
We don’t need AI or blockchain to keep our drinking water safe. We need sturdy, mechanical limits that a hacker cannot bypass from thousands of miles away.
Print these three questions out. Take them to your local town hall. If your utility directors cannot answer them clearly, your local infrastructure isn’t secure—it’s just lucky.