A recent hands-on training hosted by Communities Unlimited (CU) and the Cybersecurity and Infrastructure Security Agency (CISA) brought a sobering reality to light: cyberattacks aren’t just a threat to big cities or tech companies. Rural water systems — often operating with limited staff and outdated infrastructure — may be among the most vulnerable.
On June 25, CU hosted its first in-person cybersecurity training focused specifically on rural water and wastewater utilities. Held at the Alexandria Mega Shelter in central Louisiana, the half-day session was co-led by Chris Brunson, CU’s Louisiana State Coordinator with the Community Infrastructure Team. The event brought together operators, city officials, and local leaders from across the state for a powerful learning experience centered on collaboration and crisis response.
The training featured CISA’s Community Cyber Readiness Tabletop Experience, a national model that walks participants through a fictional cyberattack. CISA — part of the U.S. Department of Homeland Security — is tasked with protecting the nation’s critical infrastructure from both physical and cyber threats. Their participation underscored the growing urgency around cybersecurity in rural communities.
This event wasn’t just a one-off. Since March, CU staff have been working directly with CISA to prepare for this launch. Their goal: develop a replicable training model that CU teams in other Southern states can roll out starting after October. During the Alexandria session, CU staff across the region joined remotely via Zoom to observe the training and begin planning similar workshops in their areas.
And the need is real.
Across the U.S., water systems are increasingly reliant on internet-connected industrial control systems (ICS) like SCADA (Supervisory Control and Data Acquisition), which allow operators to remotely monitor and manage treatment processes. When those systems are compromised, the consequences can be severe.
In early 2024, three small towns in the Texas Panhandle — Muleshoe, Hale Center, and Lockney — were targeted in a series of coordinated cyberattacks. In Muleshoe, hackers caused the water system to overflow before operators could regain manual control. Hale Center saw more than 37,000 login attempts in just four days before the system was disconnected. In Lockney, an attempted breach was stopped before any damage occurred — but it still served as a stark warning.
Cybersecurity firm Mandiant linked at least one of the incidents to CyberArmyofRussia_Reborn, a Russian hacktivist group that claimed responsibility online. However, analysts believe this group is likely a front or affiliate of Sandworm — a notorious unit of Russia’s military intelligence (GRU) responsible for some of the world’s most dangerous cyberattacks, including those that took down parts of Ukraine’s power grid in 2015, 2016, and again during the 2022 invasion.
The Texas incidents marked a chilling reminder that even small, rural U.S. communities are vulnerable to the same threat actors behind large-scale international cyberwarfare.
Catherine Krantz, CU’s Area Director of Broadband, said the training expanded the way participants think about infrastructure threats.
“We tend to have a narrow view of cybersecurity — like it’s just about protecting pumps or computers — but this training went further. It covered things like losing billing data, the importance of recent backups, and what happens if you're relying on someone else to manage your systems. If they drop the ball, you’re the one who suffers.”
— Catherine Krantz, Area Director of Broadband at Communities Unlimited
The training made clear that even systems with minimal online presence — local-only networks or physical billing systems — are still at risk. Weak passwords, outdated software, or third-party vendors can all serve as entry points for bad actors.
Keith Saucier, a maintenance supervisor and longtime water operator for systems in Ville Platte and Point Blue–Chataignier, said the training was a wake-up call.
“It made me realize we’ve got to be more mindful and careful with what we’re doing, what we’re clicking on, and how we’re saving things,” he said.
Participants were challenged to think in real-time: What do you protect first? Who do you call? What if your main system goes down?
Many were surprised to learn that CISA offers free tools and support, a lifeline for small communities operating on tight budgets. Financial and staffing constraints are exactly why federal lawmakers are taking action.
The proposed Cybersecurity for Rural Water Systems Act of 2025 would expand the USDA’s “Circuit Rider” Program to include cybersecurity professionals who can provide on-site support to small utilities. The bill has bipartisan support and is backed by the National Rural Water Association (NRWA), Cyber Solarium 2.0, and the Rural Community Assistance Partnership (RCAP) — a national network of nonprofits that support rural America. CU is the official RCAP partner for the Southern U.S.
Drew Jackson, of the Kisatchie-Delta Regional Planning & Development District, said the training opened his eyes to how interconnected systems really are.
“Something can happen in one area, and it ends up affecting a bunch of others,” he said.
Joy Hicks, a councilwoman from the Village of Dry Prong, said the real-life scenarios made cybersecurity feel less abstract.
“When you hear the word ‘attack,’ you picture something big and dramatic. But in reality, it can show up in smaller, unexpected ways — like garbage collection being delayed or schools having to close.”
— Joy Hicks, Councilwoman
Certified operator Cynthia Alexander left the training feeling better equipped.
“There are actually resources out there — not just for me, but for my company too,” she said.
The training was approved by the Louisiana Department of Health for four Continuing Education Units (CEUs), but most participants agreed the biggest value was the practical knowledge and confidence it provided.
According to recent industry reports, 62% of water and power utilities in the U.S. and U.K. were hit by at least one cyberattack last year — and 80% experienced multiple incidents.
CU and CISA plan to bring this training to other Southern states in the coming months, ensuring more communities are prepared before disaster strikes.
“Cybersecurity is a big deal. It made it clear just how important it is to protect our systems.”
— Keith Saucier, Maintenance Supervisor and Water Operator
