Critical infrastructure operators at the water treatment plant in Minot, North Dakota, were forced to resort to manual processes when the plant's Supervisory Control and Data Acquisition (SCADA) system became inoperable as a result of a March 14, 2026, ransomware attack. The attackers are unidentified, but the attack comes in the wake of the war in Iran, and both Iran and China are known to lead cyberattacks against water utilities, which often have vulnerabilities that make them easy targets. Last month, the Water Information Sharing and Analysis Center, along with information sharing organizations for the auto, aviation, food, health, IT, national defense, oil and natural energy, and retail and hospitality industries, issued a Joint Advisory to their members, including water facilities, warning them of increased cyberattacks from Iranian hackers, as well as physical attacks against critical infrastructure entities. The warning concluded by stating that “the threat environment is likely to remain highly volatile.”
Minot’s water system provides water to approximately 80,000 users. Although the water supply and quality were not affected by the attack, operators were required to manually read gauges for 16 hours while they uninstalled the compromised SCADA system. It has taken Minot over two weeks to spin up a new server.
Since water facilities are a target for nation-state cyber actors, the state of New York recently introduced cybersecurity standards for both drinking and wastewater treatment facilities. Other states will hopefully follow suit so that water supply and quality will be less vulnerable to attack.
Critical infrastructure operators should be aware of the heightened risk, prepare for an attack, and test their incident response processes through a cybersecurity tabletop exercise that is designed to address a shutdown, so that processes can be improved and services restored as efficiently as possible. We all depend on the basic necessities of food, water, electricity, and access to financial services, all of which could be downed by an attack, dramatically impacting our lives. We depend on critical infrastructure operators to have measures in place to prevent and mitigate the effects of an attack.