The Cyber Attack on a Texas Water Utility is a Wake-Up Call

The recent cyberattack on Muleshoe, Texas, serves as a frightening reminder of the critical importance of protecting water utilities from cyber threats. According to news reports, in January the system that controls the city‘s water supply was hacked sending thousands of gallons of water flowing into the street. The suspected Russian hackers even posted a video showing how they reset the water-control system. The incident serves as a stark wake-up call, underscoring the vulnerability of small and medium-sized water utilities to cyber threats.

This unfortunate event, however, is not an isolated case. Across the United States, water and wastewater systems are increasingly targeted by cybercriminals due to their critical role in public health and safety.

Recognizing the urgent need for action, the Cyber Readiness Institute (CRI), the Center on Cyber and Technology Innovation (CCTI), and Microsoft have partnered to launch a pilot program tailored specifically to the unique challenges faced by water utilities. Small and medium-sized utilities encounter too many obstacles in their efforts to bolster cybersecurity. Limited resources, technical expertise, and aging infrastructure compound the challenge, leaving these vital organizations exposed to potential cyber exploitation. Moreover, the interconnected nature of modern systems amplifies the risk, necessitating comprehensive and proactive measures to mitigate threats effectively.

A key component of addressing these challenges lies in education and training. The Cyber Readiness Program (CRP) offered by CRI equips employees with the knowledge and skills needed to identify and respond to cyber threats. By fostering a culture of cyber readiness, utilities can enhance their resilience and minimize the likelihood of successful attacks.

The early successes of the free program in empowering utilities to confront cybersecurity challenges head-on are encouraging. Through the guidance of Cyber Coaches, participating utilities have developed robust policies, implemented training initiatives, and adopted multifactor authentication (MFA) measures. These proactive measures not only bolster cyber resilience but also serve as a testament to the importance of ongoing support and collaboration. So far, 27 utilities have completed the program and 41 utilities are currently working toward certification with the support of Cyber Coaches.

“Despite this early progress, the mission to enhance cybersecurity in the water sector is far from over. Continued engagement, collaboration, and investment are imperative to address existing vulnerabilities and fortify critical infrastructure against evolving threats,” noted Karen S. Evans, Managing Director of the Cyber Readiness Institute. “By harnessing the collective expertise of industry stakeholders, policymakers, and cybersecurity professionals, we can build a resilient and secure water infrastructure for communities.”

Find out more about the Phased Critical Infrastructure Pilot: Resiliency for Water Utilities.