Critical Infrastructure Security
FBI, US Homeland Security Investigate Water Facility Cyberattack
No Disruption to Service; Manual Operations ImplementedFBI and U.S. Department of Homeland Security officials arrived in Arkansas City, Kansas, to investigate a cyberattack at the city's water treatment facility that occurred Sunday morning.
See Also: Nudge Toolkit: Your Key to Enhanced Cybersecurity
The incident prompted the facility to switch to manual operations. Officials assured the public that the water supply remains safe and uninterrupted.
"There has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved," said City Manager Randy Frazer.
Worries that hackers could tamper with the water supply gained urgency after a slew of incidents, including an Iranian attack last November against Israeli-made pressure-monitoring controllers used by American water systems (see: Internet-Exposed Water PLCs Are Easy Targets for Iran).
City officials in Oldsmar, Florida, in 2021 apparently stopped an attacker from mixing dangerous levels of lye into municipal pipes - although an Oldsmar official has since cast doubt on whether the incident was actually a cyberattack, stating it was employee error instead. Municipal officials at the time stressed that fail-safe mechanisms would have ensured that unsafe water never made it into taps.
A spokesperson for Arkansas City was not immediately available to provide additional details.
Jason Soroko, senior fellow at Sectigo, said network segmentation and system vulnerabilities are common weaknesses in water treatment facilities and could allow attackers to disrupt essential operations.
"Inadequate network segmentation between administrative and operational networks allows attacks to spread easily," Soroko told Information Security Media Group. "Insufficient protection of Human Machine Interface systems, which control vital functions like water flow and chemical output, makes them prime targets for attackers, emphasizing the need for strong endpoint protection like endpoint detection and response."
The city took precautionary measures, including enhanced monitoring of the water treatment facility and fortified security controls to prevent further unauthorized access, according to authorities.
Ransomware and other cyberattacks on industrial control systems have become increasingly common in recent years. "The specialized security skill set required to protect against cyberthreats is very different from the expertise present in these facilities, leading to gaps in security posture," Soroko said.