Illinois water pump failure not a cyberattack

An Illinois water utility pump failure was not the result of a cyberattack, as was previously suspected, the U.S. Department of Homeland Security (DHS) has announced.

After its investigation into the water pump failure at the Curran-Gardner Public Water District in Springfield, Ill., the DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), working with the FBI, found no evidence that hacking was involved, according to the bulletin released on Wednesday.

The incident was previously described as a foreign cyberattack, according to a Nov. 10 report titled “Public Water District Cyber Intrusion” and issued by the Illinois Statewide Terrorism and Intelligence Center (STIC).

That report said an attack carried out from an IP address in Russia caused the water utility's supervisory control and data acquisition (SCADA) system to power on and off, causing a pump to burn out. Officials believed the attack was perpetrated by hackers stealing customer credentials from a SCADA vendor. 

However, the DHS disagrees.

“There is no evidence to support claims made in the initial Illinois STIC report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant,” the DHS bulletin reads.

But Joe Weiss, managing partner of SCADA security firm Applied Control Solutions, criticized the DHS for being so quick to rule out a cyberattack.

“We don't have cyber forensics and minimal cyber logging for control systems,” Weiss told SCMagazineUS.com on Monday. “What was said by DHS was true, but only half the story. They said there is no evidence that a cyberattack occurred. There is no evidence that a cyberattack didn't occur either.”

In its bulletin, the DHS said it was still looking into what made the pump fail. According to a report in the Washington Post, however, the incident was caused by a plant contractor, who remotely accessed the system from Russia, where he was traveling.

Weiss said he didn't buy such a scenario.

“Did it occur?” he asked. “I don't know. Does it sound fishy that the contractor for [Curran-Gardner Public Water District] was in Russia for personal business and he's logging into the SCADA system? I don't know which is worse, if the story is true or not true.”

He added that the DHS' response to the incident may cause other state terrorism and intelligence centers to withhold information about potential cyberattacks in the future, for fear of being discredited.

Meanwhile, in a separate incident, a hacker with the alias "pr0f" last week posted on Pastebin what appeared to be proof of an intrusion into the systems of a water supplier in the Houston area.

The hacker posted images of the desktop interface of the utility's SCADA system. ICS-CERT is assisting the FBI with the investigation.
