Arkansas City, a small community in Cowley County, Kansas, switched its water treatment facility to manual operations over the weekend after a cyberattack was detected on Sunday morning.
City officials reported the incident to relevant authorities, with Homeland Security and the FBI now investigating. City manager Randy Frazer assured residents that the water supply remains safe, and there has been no disruption to water treatment operations.
“Although the facility is operating manually out of caution, the water supply is entirely safe and uninterrupted,” Frazer stated over the weekend.
Government agencies and cybersecurity experts are actively working to “resolve the situation” and restore normal operations at the water treatment plant.
“Enhanced security measures have been implemented to safeguard the water supply, and residents should not expect any changes in water quality or service,” the city noted.
However, on Saturday, the city warned of potential low water pressure over the weekend and into Monday due to issues with some pumps.
U.S. water sector under attack
The attack on Arkansas City’s water plant came two days after the Water Information Sharing and Analysis Center (WaterISAC), a nonprofit dedicated to safeguarding water utilities from physical and cyber threats, issued a TLP threat advisory. The advisory specifically warned of Russian-linked threat actors targeting the water sector.
Just one day before the incident, the U.S. Environmental Protection Agency (EPA) provided guidance to water and wastewater systems (WWSs) on evaluating cybersecurity practices and reducing vulnerability to cyberattacks.
In March, both the White House and EPA called on governors to help protect their states’ water systems from cyber threats. By July, the U.S. government had sanctioned two Russian cybercriminals linked to the hacktivist group Cyber Army of Russia Reborn (CARR) for attacks on the U.S. water sector, including a Texas water storage unit.
State-backed groups from Iran and China have also targeted U.S. water systems in recent years. For example, Volt Typhoon hackers breached critical infrastructure networks, including drinking water systems, while IRGC-affiliated actors infiltrated a Pennsylvania water facility.
Over the past decade, U.S. WWS facilities have faced numerous breaches from ransomware groups like Ghost, ZuCaNo, and Makop. Notable incidents include a South Houston wastewater plant attack in 2011, a 2016 breach at a water company with outdated equipment, the 2020 ransomware attack on Southern California’s Camrosa Water District, and a 2021 breach of a Pennsylvania water system.
Source: BleepingComputer, Sergiu Gatlan