Why it Matters
A cybersecurity firm's report published just 11 days before the hearing documents the first known AI-assisted cyberattack on water utility infrastructure internationally. Federal agencies have separately warned that Iranian-linked hackers are actively targeting U.S. water systems.
The House Science, Space, and Technology Committee's Subcommittee on Environment is scheduled to examine how federally funded research can be applied to defend water infrastructure against these threats. It's a question with direct consequences for the more than 26 million Americans whose drinking water systems have been found to carry critical or high-risk cybersecurity vulnerabilities.
The Threat Landscape
On May 8, 2026, cybersecurity firm Dragos published a report documenting an intrusion campaign that targeted nine Mexican government entities between December 2025 and February 2026, including Servicios de Agua y Drenaje de Monterrey, a water utility. The attackers used Anthropic's Claude and OpenAI's GPT models to generate malicious scripts targeting operational technology systems. Dragos analyzed 350 artifacts from the intrusion.
"In late February 2026, researchers at Gambit Security recovered a vast collection of materials related to a large-scale compromise of multiple Mexican government organizations between December 2025 and February 2026 and identified substantial evidence that an unknown adversary had leveraged Anthropic's Claude and OpenAI's GPT AI models to carry out core intrusion activities," wrote Jay Deen, associate principal adversary hunter at Dragos, according to Cybersecurity Dive.
That report came less than two weeks before the scheduled hearing, but it arrived on top of an increasing record of concerns. In April 2026, the FBI, CISA, EPA, and NSA issued a joint cybersecurity advisory warning that Iran-linked hackers were actively exploiting internet-exposed Programmable Logic Controllers (PLCs) across U.S. water, wastewater, and energy facilities. The advisory specifically flagged Unitronics PLC devices with Human-Machine Interfaces (HMIs) as targets. Politico reported on the advisory on April 7.
The EPA's Office of Inspector General added further dimension to the problem, releasing findings that identified critical or high-risk cybersecurity vulnerabilities in 97 drinking water systems serving more than 26 million people, drawn from a broader examination of more than 300 water systems.
The Legislative Backdrop
Several bills in the 119th Congress have sought to address water system cyber threats directly. The Water Cybersecurity Enhancement Act of 2025, S.1549, was introduced in the Senate to strengthen water sector cyber defenses. A bipartisan pair of bills, H.R.2109 and S.1018, known as the Cybersecurity for Rural Water Systems Act, would establish a cybersecurity circuit rider program to deliver technical assistance to small and rural water utilities, which tend to have the fewest resources to defend against intrusions.
Congress also temporarily extended cyber threat information-sharing authorities through January 30, 2026, restoring liability protections and federal funding access for water utilities, according to Nossaman.
On the Senate side, Sen. Sheldon Whitehouse, ranking member of the Senate Environment and Public Works Committee (EPW), has flagged the issue publicly. "All water utilities without adequate cyber security are at risk, regardless of size," Whitehouse said, according to the Senate EPW Committee.
The Science Committee's framing around research-driven approaches positions the hearing around what federal science agencies, including the EPA and potentially the National Science Foundation, can contribute to hardening water infrastructure, a question that carries budget implications given the current administration's posture toward federal research spending.
The Hearing
The House Science, Space, and Technology Committee's Subcommittee on Environment will hold the hearing "Research-Driven Resilience: Applying Science To Secure U.S. Water Systems From Cyber Threats" on May 19, 2026 at 2:00 p.m. in 2318 Rayburn House Office Building. Rep. Scott Franklin chairs the subcommittee, with Rep. Gabe Amo Jr. serving as ranking member.
Other members of the subcommittee include Reps. Suzanne Bonamici, Deborah Ross, Zoe Lofgren, Max Miller, David Rouzer, Nick Begich III, Jeff Hurd, and Brian Babin.
Access the Legis1 platform for comprehensive political news, data, and insights.