Last Sunday Arkansas City experienced a cybersecurity incident that targeted its water treatment facility, according to a City press release. Authorities were immediately informed, and swift action was taken to safeguard the facility's operations.
City Manager Randy Frazer reassuring residents that the water supply remains safe, and there was no disruption in services. “Despite the incident, the water supply remains completely safe, and there has been no disruption to service,” Frazer stated. “Out of caution, the water treatment facility has switched to manual operations while the situation is being resolved. Residents can rest assured that their drinking water is safe, and the City is operating under full control during this period.”
Cybersecurity experts, along with government authorities, are working diligently to resolve the situation and restore normal operations at the facility. Enhanced security measures have been put in place to prevent further issues, and officials emphasize that no changes to water quality or service interruptions are expected.
This proactive response is intended to minimize any potential threats and ensure that critical infrastructure remains protected as the situation develops. The City continues to monitor the incident closely while prioritizing public safety.
Itay Glick, VP of Products at OPSWAT, a firm specialized in critical infrastructure cybersecurity solutions, said the incident at Arkansas City’s water treatment facility highlights the evolving cybersecurity challenges facing critical infrastructure, particularly in the water and wastewater sectors. “Arkansas City’s quick transition to manual operations was key in maintaining uninterrupted service”, he commented, and emphasized the importance of strong cybersecurity defences that reduce the need for such measures in the first place.
“Given the unique and largely unregulated nature of cybersecurity in the water industry, it is essential for utilities to proactively adopt best practices. These include securing communication channels like email and USB devices, employing network segmentation to prevent threats from spreading into operational technology (OT) environments, and implementing strong endpoint protection.”