Lawmakers from both parties look to Mayorkas to explain Russian cyberattacks on US water systems

A bipartisan group of lawmakers is demanding answers from the Biden administration concerning the hacking of U.S. water systems nationwide.

Last month National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan submitted a letter to state governors warning them that “disabling cyberattacks are striking water and wastewater systems throughout the United States.”

“These attacks have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities,” they wrote.

“We are writing to describe the nature of these threats and request your partnership on important actions to secure water systems against the increasing risks from and consequences of these attacks,” they added.

A month later, Rep. Ruben Gallego, a Democrat, and Rep. Pat Fallon, a Republican, are seeking more answers.

In a letter addressed specifically to Homeland Security Secretary Alejandro Mayorkas, the two lawmakers asked for a briefing regarding a January attack that affected the water system in Muleshoe, Texas.

“The two lawmakers sent a list of questions to Mayorkas, asking what actions his department is taking to respond to the hack against Muleshoe’s water system, what steps he is taking to protect the nation’s water facilities and other critical infrastructure from disruption and what lessons his department has learned from previous hacks, pointing to an incident last year when an Iranian regime-linked cyber group conducted a hack against a water authority in Pennsylvania,” according to Fox News.

“The letter marks the second time since December of last year that Gallego has requested a briefing from Mayorkas about DHS protection of U.S. water facilities and other critical infrastructure from adversary disruption,” Fox News notes.

The attack on Muleshoe is believed to have been carried out by Russian operatives.

“In Muleshoe, a town of about 5,000 people, the hackers broke into a remote login system for industrial software that allows operators to interact with a water tank,” CNN reported.

“The water tank overflowed for about 30 to 45 minutes before Muleshoe officials took the hacked industrial machine offline and switched to manual operations. … Muleshoe officials replaced the hacked software system and took other steps to secure the network,” according to CNN.

Following the hack, the hackers reportedly published a video online of Muleshoe’s water-control systems.

“We’re starting another raid on the USA,” they wrote in a Russian-language caption, adding that they would, in the video, show how they’d exploited “a couple critical infrastructure facilities, namely water supply systems.”

According to The Washington Post, a Russian hacking group known as Sandworm is believed to be responsible. The group is also responsible “for briefly turning out the lights in parts of Ukraine at least three different times; hacking the Olympics Opening Games in South Korea in 2018; and launching NotPetya, one of the most damaging cyberattacks ever that cost businesses worldwide tens of billions of dollars.”

That said, the fact that Sandworm is now targeting the U.S. water supply, rather than targets in Ukraine, is highly concerning to experts like John Hultquist of the cybersecurity firm Mandiant.

Hultquist, for his part, believes Sandworm is part of Russia’s military spy agency, the GRU.

“We’ve been saying for a long time that [Sandworm] is just a front for the GRU,” he said. “Then we see them take credit for these acts in the U.S. against water utilities. Is GRU behind these attacks? If it isn’t GRU, whoever is doing this is working out of the same clubhouse. It’s too close for comfort.”

As to how Sandworm got access to Muleshoe’s water system, experts believe they used a “brute force” method to crack the password. It didn’t help that the password hadn’t been changed in 10 years.

“You don’t think that’s going to happen to you. It’s always going to happen to the other guy,” Muleshoe’s city manager, Ramon Sanchez, told the Post.

The good news is that the hacking has inspired changes in Muleshoe.

“We learned,” Sanchez said. “The biggest lesson is that we have to always be proactive and always update our cybersecurity. I would have never thought that somebody tied to the Russian military would target Muleshoe.”

Vivek Saxena

