The City of Minot notified the FBI and coordinated with the Water Information Sharing and Analysis Center (WaterISAC). The attackers have not been identified, though Iran and China are known to target vulnerable water utilities. The incident occurred amid a March 2026 joint advisory from WaterISAC and cross-sector groups warning of Iranian hacker threats tied to ongoing U.S. military operations in the Middle East. Public disclosure came around April 9, 2026.
The attack underscores a documented vulnerability in U.S. water infrastructure. An EPA 2024 report identified 97 high-risk water systems nationwide, and the incident follows warnings about heightened threats to critical infrastructure amid geopolitical tensions. New York has recently introduced cybersecurity standards for water facilities; other states face pressure to implement similar measures. Attorneys representing water utilities and municipalities should monitor emerging state-level cybersecurity mandates and assess whether their clients' SCADA systems meet evolving compliance standards.