So, today’s episode is one of those stories that really does hit home. Not a bank breach. Not some government leak. I want to talk about the water coming out of your tap.
On March 14th, 2026, hackers dropped ransomware on a water treatment plant in Minot, North Dakota. Staff walked in that morning, saw a ransom note sitting on a server screen, and had to unplug the whole thing. For the next sixteen hours, plant operators were physically walking through the facility, reading gauges by hand — old school, the way it was done decades ago — while the FBI got the call.
The city says the water stayed safe. Nobody got sick. But this incident ripped the cover off a problem the cybersecurity community has been warning about for years: water infrastructure is dangerously exposed. And most people have no idea.
Today I want to unpack what happened in Minot, why water utilities are such soft targets, what SCADA systems actually are and why they are so difficult to defend, and what defenders and regulators are doing, and should be doing, about all of this.
– https://therecord.media: North Dakota Ransomware Water Plant
– https://www.cisa.gov: CISA — Adapting Zero Trust Principles to Operational Technology
