Arkansas City, Kansas, has become the latest victim in a series of cyberattacks on US water facilities. The city had to switch its water treatment facility to manual operations over the weekend after detecting a cybersecurity issue on Sunday morning.
Authorities have been notified, and both Homeland Security and FBI agents are now investigating the incident, according to local media reports.
Arkansas City Manager Randy Frazer stated that the water supply remains unaffected by the incident and that there has been no impact on water treatment processes. Frazer confirmed that, despite the cyberattack, there has been no disruption to water services.
“Despite the incident, the water supply remains completely safe, and there has been no disruption to service,” he said. “Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved. Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period.”
Government agencies and cybersecurity experts are working to resolve the issue and return the water plant to its normal operations. The city reported that security measures have been implemented to safeguard the water supply and no changes to water service are expected. However, on Saturday, the city announced that issues with certain pumps might lead to low water pressure over the weekend and potentially into Monday as these problems were addressed.
This attack follows a warning from the Water Information Sharing and Analysis Center (WaterISAC), a nonprofit organisation providing security information for water utilities. Just two days earlier, WaterISAC issued a TLP:AMBER alert warning that Russian-linked threat actors were going after water utilities.
Additionally, one day before the cyberattack, the US Environmental Protection Agency (EPA) issued guidance to water and wastewater system operators, encouraging them to assess their cybersecurity practices and reduce their risk of cyberattacks. This guidance followed a request in March by the White House and the EPA for state governors to support efforts to protect water systems from such attacks.
In July, the US government sanctioned two Russian cybercriminals, identified as members of the Cyber Army of Russia Reborn (CARR). The sanctions were for their involvement in cyberattacks targeting the US water sector, including an attack on a water storage facility located in Texas.
CNI a tempting target for cybercriminals
US water systems have been frequently targeted in recent years by foreign state-linked groups. For example, Volt Typhoon, a state-sponsored actor based in China, gained access to critical infrastructure networks, including drinking water facilities, while individuals linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) breached a water facility in Pennsylvania.
The US Water and Wastewater Systems (WWS) Sector has experienced multiple breaches over the past decade. These include ransomware attacks such as Ghost, Makop, and ZuCaNo. Incidents over the years include a breach at a South Houston wastewater treatment plant in 2011, a 2016 attack on a water company with outdated systems, a ransomware attack on Southern California’s Camrosa Water District in August 2020, and a breach targeting a Pennsylvania water system in 2021.
It’s not just the water sector in the US that is facing cyberattacks. A recently published survey revealed that the US power grid is proving particularly vulnerable as cyberattacks against critical national infrastructure around the world have risen by 30% this year. According to the report from cybersecurity firm KnowBe4, the number of weak points in that network is increasing by 60 per day, with the total count rising from 21,000 in 2022 to an estimated 23,000-24,000 at present.