The control systems of public drinking water systems are vulnerable to attack by malicious hackers. This has been shown through several penetration tests and the reported attack (which later was not corroborated by a DHS investigation) on an Illinois public drinking water system by foreign hackers in November, 2011, the most recent publicly known cyber attack on a drinking water utility. This talk will examine the many vectors of attack on the IT systems of a drinking water utility, their vulnerabilities, proposed defensive measures, and potential consequences of a malicious hacker attack. The control systems, including the programmable logic controllers (PLC's) and the human machine interface (HMI), will be described. The talk will discuss the many institutional, cultural, and financial obstacles to ensuring that the national public drinking water infrastructure is adequately protected from attacks by malicious hackers. The current threat environment of the national drinking water infrastructure will be discussed, including the repeated threats by Al Qaeda to poison the US drinking water supply, along with existing programs to address those threats and finally a discussion of what more needs to be done.