The Feb. 5 hacking incident on a Florida water utility is a jarring reminder that the threat of cyberattacks on critical water infrastructure is both real and serious. We live in a world where cyber intrusions are increasingly common in our personal and professional lives. Given the essential nature of water service, it’s well known that water infrastructure – and water treatment plants of all sizes -- are potential targets of people with bad intentions. While the Florida incident is unsettling, there are some takeaways that should bring us confidence. First, while the hacker was able to gain access, it appears a vigilant water operator thwarted any potential harm. There’s no clearer demonstration that water professionals are essential workers, and the work they do each day protects us all. Second, the incident makes clear to all water utilities and governing boards that they must take action to prevent or discourage similar attacks. The water sector has been actively addressing cybersecurity issues for many years. In fact, the 2018 America’s Water Infrastructure Act requires utilities to complete a risk and resiliency assessment that must include cyber threats to enterprise systems and process control systems. This incident should underscore the urgency of that work. Third, we are not powerless against cyber threats. There are resources available to help utilities of all sizes. AWWA’s Water Sector Cybersecurity Risk Management Guidance and the accompanying assessment tool are free to download at AWWA’s online Cybersecurity resource page , as is the Cybersecurity Risk & Responsibility in the Water Sector report and many other helpful eLearning opportunities and documents. There also are several upcoming workshops to help small systems with cybersecurity. These are described on the Small Systems resource page , including a course on Cybersecurity for Water Systems , which is part of the Small Systems Resiliency Certificate program. Federal agencies define cyberattacks as the top threat facing business and critical infrastructure. Friday’s incident demonstrates why. Let this incident be a constant reminder of the importance of round-the-clock cybersecurity vigilance in the days and decades ahead.