U.S. Government Issues Warning on Iran-Linked Cyberattacks Targeting Water and Energy Systems

U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Tuesday regarding a series of cyberattacks on water and energy systems across the United States. The attacks were attributed to hackers backed by Iran's Islamic Revolutionary Guards Corps.

The notice was released in coordination with the Federal Bureau of Investigation, the National Security Agency, and the Energy Department. The warning stated that the purpose of the attacks was to cause disruptive effects within the United States. It specified that the hackers targeted programmable logic controllers produced by Rockwell Automation, a major American manufacturer of Allen-Bradley controllers.

These controllers are widely used in industrial settings, including utilities. No specific facilities were named in the warning, and it did not indicate whether any damage had occurred. The notice advised utilities and government agencies to ensure that Rockwell Automation controllers were not connected to the internet.

This recommendation aimed to mitigate potential risks from the ongoing attacks.

The warning comes amid longstanding tensions in U.

-Iran relations, including past cyber incidents. Sixteen years ago, the United States and Israel conducted a cyber operation known as Stuxnet that targeted Iran's nuclear centrifuges through Siemens controllers. Following that event, Iran developed its own cyberattack capabilities, including offensive groups.

The current alert highlights vulnerabilities in critical infrastructure, which includes water treatment plants, power grids, and energy distribution networks. These systems support essential services for millions of Americans, and disruptions could affect public health, economic activity, and national security.

Affected entities include municipal utilities, private energy companies, and federal agencies overseeing infrastructure.

response to the warning, affected sectors are expected to conduct vulnerability assessments and implement network segmentation for industrial control systems.

CISA plans to provide further technical guidance to help organizations identify and patch exposed equipment. Ongoing monitoring by federal agencies will continue to track the threat, with potential for additional alerts if the attacks escalate. The incident underscores the growing role of state-sponsored cyber operations in geopolitical conflicts.

International cooperation on cybersecurity norms remains limited, complicating efforts to deter such activities. Stakeholders, including industry groups and policymakers, may push for enhanced regulations on critical infrastructure protections in the coming months.