Arkansas City, Kansas, has confirmed that its water treatment facility experienced a cybersecurity incident on September 22 2024, prompting a temporary switch to manual operations. Local authorities were notified immediately, and cybersecurity experts are working to restore the facility’s automated systems.
Writing in an advisory on Sunday, City Manager Randy Frazer emphasized that the incident has not disrupted water services or compromised water quality.
“Despite the incident, the water supply remains completely safe, and there has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations while the situation is being resolved,” Frazer stated. He also reassured residents that the city maintains full control of the water system.
Though details of the incident have not been fully disclosed, there are indications that the attack may have involved ransomware, as the decision to switch to manual operations often follows attempts to contain such breaches. Enhanced security protocols have been implemented to safeguard the city’s water supply.
Arkansas City officials have engaged cybersecurity professionals and informed relevant authorities to mitigate the situation. The city has also affirmed that no changes to water quality or service are expected as the investigation continues.
This incident highlights the growing vulnerability of public utilities, especially in the water sector, which has become an increasing target for cyber-attacks. Efforts to bolster cybersecurity resilience across US water facilities are ongoing, with government agencies taking active steps to prevent future breaches.
To protect themselves from such breaches, companies in the water sector should implement comprehensive cybersecurity strategies. Key steps include regular security assessments, employee training on phishing and social engineering, robust data encryption and the adoption of multi-factor authentication (MFA) to secure access.
Additionally, keeping software systems up to date and establishing incident response plans can help utilities quickly respond to and mitigate attacks.
Infosecurity has reached out to Arkansas City for further details and will update this article with new information if and when it becomes available.