Skip to the main content.

Modernize & Transform

Built to help you reimagine IT operations, empower your workforce, and leverage AI-powered tools to stay ahead of the curve.

Untitled design (3)

Empower My Team

We bring together the best of Microsoft’s cloud ecosystem and productivity tools to help your people thrive.

Untitled design (3)

Build My Infrastructure

We offer a comprehensive suite of infrastructure services tailored to support your business goals today and scale for the future

Untitled design (3)

IT Services

Our managed and co-managed IT service plans deliver a responsive and innovative engagement to support your IT needs, improve employee experience, and drive growth for your business. 

Untitled design (3)

Cybersecurity Services

Sourcepass offers innovative solutions, including SOC, GRC, Security Assessments, and more to protect your business.

Untitled design (3)

Professional Services

Grow your business with cloud migrations, infrastructure refreshes, M&A integrations, staff augmentation, technical assessments, and more.

Untitled design (3)

Industries

We understand what most managed service providers don’t – when it comes to industry-specific technology, one-size-fits-all solutions don’t exist.

Untitled design (3)

Public Sector

Sourcepass GOV, a division of Sourcepass, is dedicated to providing specialized IT solutions for the public sector.

Untitled design (3)

Locations

We have coverage across the United States, with phyiscal locations across 8 states. Wherever you are, Sourcepass has your back.

Untitled design (3)

Resource Library

Stay ahead, stay connected, and discover the future of IT with Sourcepass.

Untitled design (3)

Events & Webinars

Dive into a dynamic calendar of webinars and in-person gatherings designed to illuminate the latest in managed IT services, cybersecurity, and automation.

Untitled design (3)

Resources by Role

Explore key resources, eBooks, video trainings, and more curated for CEOs, CFOs, CIOs, CISOs, and technology leaders!

Untitled design (3)

The Sourcepass Story

Sourcepass aims to be different. It is owned and operated by technology, security, and managed services experts who are passionate about delivering an IT experience that clients love.

Untitled design (3)

The Sourcepass Experience

At Sourcepass, we’re rewriting the IT and cybersecurity experience by helping businesses focus on what they do best, while we deliver the infrastructure, insights, and innovation to help them thrive.

Untitled design (3)

 

AI-Powered Threats Are Changing the Risk Landscape for Water Utilities

 
AI-Powered Threats Are Changing the Risk Landscape for Water Utilities

Water and wastewater organizations have long been considered part of the nation's critical infrastructure, but recent developments highlight how the threat landscape is evolving faster than many public-sector entities can adapt.

New findings from both the U.S. Government Accountability Office (GAO) and industrial cybersecurity firm Dragos underscore a common message: water utilities must strengthen cybersecurity programs, improve visibility across operational technology (OT) environments, and prepare for increasingly sophisticated attacks.

For utility leaders, these reports offer valuable insight into both systemic cybersecurity challenges and emerging threats that could impact essential services.

 

GAO Highlights Ongoing Cybersecurity Challenges for Water Systems

In recent congressional testimony, the GAO warned that water and wastewater systems continue to face significant cybersecurity risks. According to the agency, several factors are contributing to a growing attack surface:

  • Operational technology (OT) systems are becoming increasingly connected to enterprise networks and the internet.
  • Aging infrastructure often lacks modern security controls.
  • Workforce shortages make it difficult to maintain and secure critical systems.
  • Cyber threats targeting critical infrastructure continue to increase in sophistication. 

While the testimony was not tied to a single cybersecurity incident, it reinforces concerns that many water utilities are managing complex operational environments with limited resources. As digital transformation initiatives continue, organizations must balance modernization efforts with cybersecurity resilience.

For public-sector and utility leaders, the message is clear: cybersecurity can no longer be viewed solely as an IT concern. Protecting operational systems that support water treatment, distribution, and monitoring has become an essential component of business continuity and public safety.

 

The First Public Example of AI-Assisted Targeting of Water Infrastructure

A separate report from industrial cybersecurity firm Dragos provides one of the first publicly documented examples of an adversary using commercial artificial intelligence tools to support activities against a municipal water utility.

According to Dragos, investigators analyzed an intrusion involving a municipal water and drainage utility where attackers attempted to move from a compromised enterprise IT environment toward operational technology systems. 

The significance of the incident is not that attackers successfully compromised operational systems—Dragos reported no evidence that OT systems were breached—but rather that AI tools were used to accelerate intrusion planning, environment mapping, reconnaissance, and identification of OT-adjacent assets.

Their findings demonstrate how commercially available AI technologies can help threat actors:

  • Analyze complex environments more quickly.
  • Identify high-value infrastructure assets.
  • Generate and refine attack pathways.
  • Scale common offensive techniques with greater speed. 

According to Dragos, the incident illustrates how AI can make OT environments more visible to adversaries already operating within an organization's IT network. 

 

Why This Matters for Water Utilities

Historically, specialized knowledge created a barrier between traditional cybercriminal activity and operational technology environments. Emerging AI capabilities may lower that barrier by helping attackers identify industrial systems and understand potential pathways between IT and OT networks. 

As a result, water utilities should evaluate whether existing cybersecurity programs adequately address both enterprise IT systems and operational environments.

Areas that warrant attention include:

  • IT and OT network segmentation
  • Identity and access management controls
  • Multi-factor authentication
  • Remote access security
  • Continuous monitoring and logging
  • Incident response planning
  • Asset inventory and visibility across critical systems

Many of these practices are reflected in water-sector cybersecurity guidance and templates used to support utility cybersecurity programs. For example, water system cybersecurity frameworks emphasize secure remote access, monitoring network activity, maintaining asset inventories, managing OT access privileges, and regularly reviewing cybersecurity controls.

 

Building Cyber Resilience in Critical Infrastructure

While AI-assisted attacks are still emerging, the broader lesson is not necessarily about artificial intelligence itself—it's about preparedness.

Threat actors continue to evolve their methods, and public-sector organizations must evolve their defenses accordingly. Strong cybersecurity fundamentals remain critical: visibility, access controls, network segmentation, monitoring, governance, and incident response planning continue to form the foundation of an effective security program. 

Water utilities that proactively address these areas will be better positioned to reduce risk, meet regulatory obligations, and maintain the reliability of the essential services their communities depend on.

 

How Sourcepass GOV Helps

Sourcepass GOV works with water districts, municipalities, and other public-sector organizations to strengthen cybersecurity programs through risk assessments, security advisory services, governance support, incident response planning, tabletop exercises, compliance oversight, and dedicated vCISO services.

These services are designed to help organizations identify vulnerabilities, improve resilience, and build a practical roadmap for managing cyber risk. 

 

Learn More

To read the full Dragos analysis, visit: AI in the Breach: How an Adversary Leveraged AI to Target a Water Utility

 

Sources: Dragos, https://www.gao.gov/