Earlier this year, in my home state of Texas, Russian cyberterrorists reportedly hacked into the city of Muleshoe’s water treatment facility computer systems, flooding the water tank that supplies drinking water for this small town of 5,000 people. This was one of three attacks levied on small water providers in rural Texas this year — at least one of which has been reportedly linked to Russian hackers — which narrowly avoided cataclysm thanks to these older systems possessing the ability to “pull the plug” and resume operations manually.
Even with a blunted imagination, the harm that could befall Americans if Russians, Iranians, and the Chinese further ratchet up the frequency of cyberattacks on our water systems is astounding.
The recent attacks on Texas and elsewhere underscore a national crisis that is silently transpiring. As I outlined in a new research paper, the history of public policy for critical infrastructure cybersecurity is punctuated by a reactionary, fragmented system of governance.
When the Russian cybercriminal group DarkSide successfully brought down the Colonial Pipeline and received $4.4 million in ransom payments to reward their efforts, then and only then did it drive the federal government to take substantive action to protect the digital security of our pipelines. And while there is still tremendous work needed to harden our grid, health care, and nuclear digital targets, these sectors have received more federal attention than water due to palpable harms that have ensued from successful cyberattacks here and abroad.
When it comes to water,
