"We have been, over the years, trying to play better and better defense when it comes to cyber"
Bollocks. Every time anyone tries to improve security and reslience they get resistance from the companies, states and representatives.
From May this year
https://www.nextgov.com/cybersecurity/2024/05/more-70-surveyed-water-systems-failed-meet-epa-cyber-standards/396727/]
The report found "More than 70% of surveyed water systems failed to meet EPA cyber standards"
and states,
"The EPA has tried to push hardened security mandates onto water operators, but the agency in October rescinded a memorandum that would have directed providers to evaluate the cyber defenses of their water systems when conducting sanitation surveys. The measure, which the agency said was permissible under the Safe Water Drinking Act, faced legal pushback from GOP-led states and trade groups."