California Water Utility Blocks 6 Million China-Based Cyber Attempts in One Week

A single California water utility, the South Coast Water District (SCWD), reported successfully blocking over 6 million connection attempts originating from China-based IP addresses within a one-week period in mid-July. The district disclosed this intense cyber activity, which occurred between July 15 and July 23, 2025, during an industry webinar hosted by the Water Information Sharing and Analysis Center (WaterISAC) on July 23. The incident underscores escalating concerns about foreign state-sponsored threats to vital U.S. infrastructure.

The SCWD revealed the staggering figure using data from a firewall dashboard provided by security company ThreatSTOP. This specific targeting highlights the persistent efforts by foreign actors to probe and potentially exploit vulnerabilities within critical American systems. The U.S. intelligence community has consistently identified the Chinese communist regime (CCP) as a major cyber threat, warning of extensive state-backed hacking operations aimed at U.S. critical infrastructure.

Recent reports from the Office of the Director of National Intelligence (ODNI) in early 2025 indicate that Beijing's state-sponsored hacking groups are actively mapping and infiltrating networks across various sectors, including water, energy, and transportation. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) also issued a joint advisory in June 2025, detailing ongoing campaigns by People's Republic of China (PRC) state-sponsored actors to pre-position themselves for potential disruptive or destructive attacks.

During the WaterISAC webinar, ThreatSTOP CEO Tom Byrnes and chief scientist Paul Mockapetris, who is credited with inventing the Domain Name System (DNS), advised water industry professionals on enhancing their cyber defenses. They emphasized the importance of tailoring access permissions to servers and setting clear geographical limits for connections. Mockapetris highlighted the logical approach for utilities, stating, "If you’re a water district in southern California, you probably don’t have any customers in China," suggesting that blocking traffic from irrelevant regions is a fundamental security measure.