Lawmakers from both sides of the aisle are expressing concern about recent cyberattacks on water systems in drought-stricken areas of the western U.S. They are seeking answers from the Department of Homeland Security (DHS) on how hacks can be prevented in the future. In response to a January cyberattack on the water system in Muleshoe, Texas, Reps. Ruben Gallego and Pat Fallon called for a briefing and answers from DHS Secretary Alejandro Mayorkas. The hack caused the town’s water system to overflow, sending tens of thousands of gallons of water flowing out of the water tower. The attack was linked to a Russian hacktivist group.
In another Texas town, Hale Center, there were approximately 37,000 attempts in four days to log into the city’s firewall, but the hack ultimately failed as the system was “unplugged” and operated manually. However, in Muleshoe, which has a population of about 5,000, hackers caused the system to overflow before it was manually shut down by city officials. The cybersecurity firm Mandiant attributed the attack to Sandworm, believed to be connected to Russia’s spy agency, the GRU. The lawmakers warned that similar attacks in other states lacking sufficient water supply could disrupt operations with devastating effects.
Sandworm, the group responsible for the Texas attack, had previously launched hacks against the Olympic Games in South Korea and on Ukraine’s electrical grid in 2018. Another group connected to Sandworm, the Cyber Army of Russia Reborn, claimed responsibility for the hack in Texas. Gallego and Fallon emphasized the importance of protecting the nation’s water facilities and critical infrastructure from disruption. They raised concerns about the potential devastating impacts of losing tens of thousands of gallons of water, such as what happened in Muleshoe in January, on rural communities across the country.
The lawmakers sent a list of questions to Secretary Mayorkas, seeking information on the actions DHS is taking to respond to the Texas water system hack, steps being taken to protect the nation’s water facilities and other critical infrastructure, and lessons learned from previous hacks. This incident marks the second time since December that Gallego has requested a briefing on DHS protection of U.S. water facilities. The Environmental Protection Agency and National Security Affairs also recently sent a letter to governors, urging them to assess cybersecurity and plan for potential cyberattacks on drinking water and wastewater systems. These systems are considered attractive targets for cyberattacks due to their critical infrastructure status and lack of resources for stringent cybersecurity measures.
As lawmakers and government officials work to address the growing threat of cyberattacks on water systems and critical infrastructure, concerns remain about the potential vulnerabilities and devastating impacts of such attacks on communities across the country. Seeking answers and taking proactive measures to enhance cybersecurity practices, protect essential infrastructure, and prevent future attacks are crucial steps to safeguarding the nation’s water supply and ensuring the resilience of essential services. Collaboration between federal, state, and local agencies, as well as increased awareness and preparedness among stakeholders, will be key in mitigating the risks posed by cyber threats to critical infrastructure.
