Cyber Incident Victim: City of Arkansas City
Date:
Sep 2024
Location:
United States of America
Summary
A cybersecurity incident at Arkansas City's Water Treatment Facility prompted a precautionary switch to manual operations to maintain secure water supply and service continuity. Authorities confirmed no disruption to water safety or quality, with enhanced security measures implemented during remediation efforts involving government agencies and cybersecurity experts. The incident coincided with pump-related issues causing temporary low water pressure for residents and occurred amid heightened warnings of Russian-linked threat activity targeting U.S. water infrastructure, following recent federal advisories and sanctions against adversarial groups involved in similar attacks nationwide.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 22, 2024, the City of Arkansas City, Kansas, detected a cybersecurity incident affecting its Water Treatment Facility during early morning hours. City Manager Randy Frazer confirmed the attack prompted an immediate shift to manual operations as a containment measure, though officials emphasized no disruption to water service or safety occurred. Homeland Security and FBI agents joined the investigation following notifications from city authorities, while cybersecurity experts worked to restore normal operations. The city concurrently addressed unrelated pump malfunctions announced on September 21, warning residents of potential low water pressure through the weekend and possibly Monday. Frazer issued public assurances that drinking water remained uncontaminated and fully under municipal control, with enhanced security protocols implemented to safeguard supply systems during remediation. No operational interference beyond the procedural switch to manual oversight was documented, and residents received continuous updates confirming stable water quality.
The incident occurred two days after WaterISAC circulated a TLP:AMBER advisory warning of Russian-aligned threat actors targeting U.S. water utilities, and one day after the EPA released updated cybersecurity guidance for water and wastewater systems. This context aligned with prior federal actions, including March 2024 White House and EPA requests for state-level water system defenses and July 2024 sanctions against Russian hackers linked to attacks on critical infrastructure. While attribution specifics for the Arkansas City breach remained undisclosed, the timing coincided with heightened sector alerts regarding Russia-affiliated groups like Cyber Army of Russia Reborn (CARR), previously implicated in Texas water facility intrusions. Government agencies and municipal personnel maintained collaborative containment efforts without further technical disclosures, focusing on restoring automated operations after verifying system integrity.