Illinois Water Pump Failure Was Not Caused by Hackers, Authorities Stress

TMCnet Feature Free eNews Subscription

November 23, 2011

Illinois Water Pump Failure Was Not Caused by Hackers, Authorities Stress

By Beecher Tuttle, TMCnet Contributor

After investigating the situation themselves, the FBI and the Department of Homeland Security on Tuesday dismissed earlier reports that hackers had broken into the network that controls an Illinois public water utility, causing a pump to fail.

"After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois," the two organizations said in a joint statement provided to CNET.

"There is no evidence to support claims made in initial reports -- which were based on raw, unconfirmed data and subsequently leaked to the media -- that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," the statement continued.

The FBI and the Department of Homeland Security also denied earlier reports that the source of the attacks stemmed from Russia, as a number of media outlets had claimed.

The alleged attacks were first revealed to the public on the blog of control systems expert Joe Weiss, who said that the supervisory control and data acquisition (SCADA) system that powers the pump was hacked and customer usernames and passwords were stolen. Weiss said that the physical damage occurred after the SCADA system was powered on and off continually.

His comments were based on a report from the Illinois State Fusion Center, also known as the Illinois Statewide Terrorism and Intelligence Center (STIC), which speculated that a hacker could have been involved in the mechanical failure.

Weiss took to his blog on Tuesday to confirm that his earlier comments were based solely on the formal disclosure announcement by STIC, which came out seven days before his initial blog post. Weiss seems awestruck with the fact that many water organizations didn't learn about the event until his post, and that the DHS and STIC seem to have a disconnect on what occurred.

"The DHS statement released recently appears to conflict with the STIC report and its positive statements that an event had occurred," he wrote. "This begs the question why two government agencies disagree over whether a cyber event that damaged equipment had occurred at a water utility."

The initial reports were especially disconcerting considering recent expert speculation that large-scale industrial control system attacks are highly feasible. Consulting firms have found multiple vulnerabilities in power plants, correctional facilities and other U.S.-based institutions that rely on industrial controllers.

Beecher Tuttle is a TMCnet contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.

Edited by Rich Steeves

» More TMCnet Feature Articles

Get stories like this delivered straight to your inbox. [Free eNews Subscription]

SHARE THIS ARTICLE

LATEST TMCNET ARTICLES

Can Tech Transform Your Business? Here's How!

Can You Hear the Future? The Evolution of Remote Work Tools Shapes Tomorrow's Office

Can High-Tech Car Safety Features Save Lives? Why Aren't They Standard Yet?

Description Writing Services: Elevate Your Product Appeal with Expert Copy

Ebook Writer to Hire: Choosing the Perfect Ghostwriter for Your Next Bestseller

» More TMCnet Feature Articles