Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning.
City officials have informed relevant authorities about the incident, and Homeland Security and FBI agents are investigating, as reported by local media. City manager Randy Frazer confirmed that the water supply is secure and that the cyberattack has not affected water treatment operations.
“Despite the incident, the water supply remains completely safe, and there has been no disruption to service,” Frazer said in a statement published over the weekend.
“Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved. Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period.”
Government authorities and cybersecurity experts are now working to “resolve the situation” and return the city’s water plant to normal operations.
“Enhanced security measures are currently in place to protect the water supply, and no changes to water quality or service are expected for residents,” the city added.
The city also said on Saturday that it was experiencing issues with some pumps and warned residents they may experience low water pressure through the weekend and possibly on Monday while the problems were addressed.
U.S. water sector under attack
Arkansas City’s water plant was hit two days after the Water Information Sharing and Analysis Center (WaterISAC), a nonprofit organization that helps protect water utilities from physical and cyber threats, issued a TLP:AMBER threat advisory warning of Russian-linked threat actors targeting the water sector.
One day prior, the U.S. Environmental Protection Agency (EPA) issued guidance to assist owners and operators of water and wastewater systems (WWSs) in evaluating their cybersecurity practices and identifying measures to reduce their exposure to cyberattacks.
In March, the White House and EPA asked governors for support in defending their states’ water systems against cyberattacks, while in July, the U.S. government sanctioned two Russian cybercriminals who were part of the Russia-aligned hacktivist group Cyber Army of Russia Reborn (CARR) for cyberattacks targeting the United States water sector, including a water storage unit in Texas.
In recent years, Iranian and Chinese state-backed threat groups targeted and breached U.S. water systems. For instance, Volt Typhoon hackers breached the networks of critical infrastructure organizations, including drinking water systems, while IRGC-affiliated threat actors infiltrated a Pennsylvania water facility.
U.S. Water and Wastewater Systems (WWS) Sector facilities have also been breached multiple times over the last decade in Ghost, ZuCaNo, and Makop ransomware attacks that impacted a South Houston wastewater treatment plant in 2011, a water company with outdated software and hardware equipment in 2016, the Southern California Camrosa Water District in August 2020, and a Pennsylvania water system in May 2021.