Arkansas City, a small city in Cowley County, Kansas, was compelled to shift its water treatment facility to manual operations over the weekend due to a cyberattack detected early Sunday morning.
City officials promptly reported the incident to relevant authorities, with investigations now underway by Homeland Security and FBI agents, according to local media. City manager Randy Frazer reassured the public that the water supply remains secure and that the cyberattack has not disrupted water treatment processes.
"Despite the incident, the water supply remains completely safe, and there has been no disruption to service," Frazer stated. "Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved. Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period."
Government authorities and cybersecurity experts are collaborating to resolve the situation and restore normal operations at the city’s water plant. Enhanced security measures have been implemented to protect the water supply, and officials confirmed that no changes to water quality or service are expected for residents.
However, the city reported on Saturday that it was facing issues with some pumps, warning residents of possible low water pressure over the weekend and into Monday as they work to resolve the problems.
This cyberattack on Arkansas City's water plant occurred just two days after the Water Information Sharing and Analysis Center (WaterISAC) issued a TLP
threat advisory, cautioning about Russian-linked threat actors targeting the water sector. The day before, the U.S. Environmental Protection Agency (EPA) released guidance to help water and wastewater system operators assess their cybersecurity practices and reduce vulnerability to attacks.
In recent months, the White House and the EPA have sought support from governors to bolster defenses for state water systems against cyber threats. In July, the U.S. government imposed sanctions on two Russian cybercriminals linked to the Cyber Army of Russia Reborn (CARR), who have been involved in attacks against U.S. water infrastructure, including a water storage facility in Texas.
The U.S. water sector has faced increasing cyber threats from various state-backed actors, including Iranian and Chinese groups, with notable breaches over the years. Previous incidents, such as those involving Volt Typhoon hackers and IRGC-affiliated actors, have targeted critical infrastructure, including drinking water systems.
Moreover, the U.S. Water and Wastewater Systems (WWS) Sector has experienced multiple breaches in recent years due to ransomware attacks like Ghost, ZuCaNo, and Makop, affecting facilities across the country.
