Lawmakers from both parties have expressed concern about recent cyberattacks on water systems in drought-stricken parts of the western United States, particularly in rural areas. In response to these attacks, Reps. Ruben Gallego and Pat Fallon have written to DHS Secretary Alejandro Mayorkas seeking a briefing and answers about the January cyberattack on the water system in Muleshoe, Texas. The attack caused the town’s water system to overflow, resulting in tens of thousands of gallons of water being released from the water tower within hours. The hack was one of three targeting small towns in the Texas Panhandle connected to a Russian hacktivist group.
In another incident, the city manager of Hale Center reported about 37,000 attempts to log into the city’s firewall over four days, all of which failed as the system was unplugged and operated manually. However, in Muleshoe, the attack successfully caused the water system to overflow before being shut down and taken over manually by city officials. The legislators revealed that cybersecurity firm Mandiant attributed the attack to Sandworm, a group believed to be linked to Russia’s spy agency, the GRU. Sandworm has previously been involved in cyberattacks on the Olympic Games in South Korea and Ukraine’s electrical grid.
Gallego and Fallon emphasized the importance of protecting water facilities, which are critical infrastructure for the entire nation, and noted the potential devastating effects of a similar hack occurring in states with limited water supply, such as Arizona. Losing tens of thousands of gallons of water, as in the Muleshoe incident, could have severe impacts on rural communities across the country. The lawmakers raised concerns about the vulnerability of water facilities to cyberattacks and asked Mayorkas about the department’s response to the Muleshoe hack, steps being taken to protect all water facilities and critical infrastructure, and lessons learned from previous incidents, including an Iranian-linked cyber group hacking a water authority in Pennsylvania last year.
This letter to Mayorkas is the second time since December that Gallego has requested a briefing about DHS protection of U.S. water facilities and critical infrastructure. The legislators highlighted the importance of safeguarding the water supply and the challenges faced by drinking water and wastewater systems in adopting rigorous cybersecurity practices. In March, the EPA Administrator and the president’s assistant for National Security Affairs sent a letter urging governors to assess cybersecurity and plan for potential cyberattacks on water systems. The lack of resources and technical capacity in many critical infrastructure sectors makes them attractive targets for cybercriminals.
Lawmakers are seeking answers from the Department of Homeland Security regarding recent cyberattacks on water systems in drought-affected areas of the western United States. In response to the January cyberattack on a Texas town’s water system, legislators requested a briefing and information about the attack attributed to a Russian hacktivist group. Concerns have been raised about the vulnerability of water facilities, the potential devastating impacts of similar attacks elsewhere, and the need for enhanced protection measures for critical infrastructure across the country. These incidents highlight the importance of cybersecurity for safeguarding essential services like water supply in the face of increasing cyber threats.
