Arkansas City, a small city in Kansas, says its water treatment facility was forced to switch to manual operations while a cybersecurity incident is being resolved.

The incident, described by local media as a cyberattack, was discovered on the morning of September 22 and led to precautionary measures being taken “to ensure plant operations remained secure”, the city announced in an incident notice.

According to city manager Randy Frazer, the water supply has not been affected and the incident has not caused disruption to service.

“Despite the incident, the water supply remains completely safe, and there has been no disruption to service. Out of caution, the water treatment facility has switched to manual operations while the situation is being resolved,” Frazer said.

He also noted that the city has full control of the situation and reassured residents that the drinking water is safe.

Arkansas City says it has notified the relevant authorities of the incident and that they are working with cybersecurity experts to address the issue and return the facility’s operations to normal.

“Enhanced security measures are currently in place to protect the water supply, and no changes to water quality or service are expected for residents,” the city said.

While the city’s notification does not share further details on the incident, it appears that the water treatment plant might have fallen victim to a ransomware attack.

Switching to manual operations suggests that systems were shut down to contain the attack, which is the typical response to incidents involving ransomware.

SecurityWeek has emailed Arkansas City for additional information on the incident and will update this article as soon as a reply arrives.

It’s not uncommon for US water facilities to be targeted by threat actors and the government has been taking steps to increase the water sector’s resilience to cyberattacks. 

Related: White House Issues National Security Memorandum for Critical Infrastructure

Related: DHS Launches New Critical Infrastructure Security and Resilience Campaign

Related: Snap-on Tools Hit by Cyberattack Claimed by Conti Ransomware Gang