A recent hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, highlighting the growing threat of foreign cyberattacks against U.S. public utilities. The attack was one of three on small towns in the rural Texas Panhandle, but officials reported that the public was not put in any danger and that the attempts were reported to federal authorities. In Hale Center, a city manager reported that there were 37,000 attempts in just four days to log into their firewall. However, the attempted hack failed as the city unplugged the system and operated it manually.
In Muleshoe, hackers caused the water system to overflow before officials shut it down and took control manually. The city’s water disinfectant system was not affected, and the public was not in any danger. A cybersecurity firm, Mandiant, linked at least one of the attacks to a shadowy Russian hacktivist group called CyberArmyofRussia_Reborn, which previously claimed responsibility for attacks on water facilities in the United States and Poland that went largely unnoticed. Cybersecurity researchers suspect that the group has ties to the Russian government and engages in low-complexity attacks against Ukraine and its allies.
City managers in the affected towns have reported the incidents to the FBI and the Department of Homeland Security. In Lockney, cyberattackers were thwarted before they could access the water system, causing no issues except being a nuisance. Last year, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory following November hacks on U.S. water facilities attributed to Iranian state groups targeting facilities using Israeli equipment. Deputy national security adviser Anne Neuberger has called for increased cybersecurity measures in response to attacks by Iranian hackers and ransomware attacks on the health care industry.
In March, the EPA Administrator and the assistant to the president for National Security Affairs sent a letter to the nation’s governors urging them to take steps to protect the water supply, including assessing cybersecurity and planning for a potential cyberattack. Drinking water and wastewater systems are considered attractive targets for cyberattacks due to their critical infrastructure status and lack of resources to implement rigorous cybersecurity practices. The recent cyberattacks on water systems in small Texas towns serve as a reminder of the importance of ensuring the security of public utilities against foreign threats.
