After its investigation into the water pump failure at the Curran-Gardner Public Water District in Springfield, Ill., the DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), working with the FBI, found no evidence that hacking was involved, according to the bulletin released on Wednesday.
The incident was previously described as a foreign cyberattack, according to a Nov. 10 report titled “Public Water District Cyber Intrusion" and issued by the Illinois Statewide Terrorism and Intelligence Center (STIC).
That report said an attack carried out from an IP address in Russia caused the water utility's supervisory control and data acquisition (SCADA) system to power on and off, causing a pump to burn out. Officials believed the attack was perpetrated by hackers stealing customer credentials from a SCADA vendor.
However, the DHS disagrees.
“There is no evidence to support claims made in the initial Illinois STIC report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant,” the DHS bulletin reads.
But Joe Weiss, managing partner of SCADA security firm Applied Control Solutions, criticized the DHS for being so quick to rule out a cyberattack.
“We don't have cyber forensics and minimal cyber logging for control systems,” Weiss told SCMagazineUS.com on Monday. “What was said by DHS was true, but only half the story. They said there is no evidence that a cyberattack occurred. There is no evidence that a cyberattack didn't occur either.”
In its bulletin, the DHS said it was still looking into what made the pump fail. According to a report in the Washington Post, however, the incident was caused by a plant contractor, who remotely accessed the system from Russia, where he was traveling.
Weiss said he didn't buy such a scenario.
“Did it occur?" he asked. "I don't know, Does it sound fishy that the contractor for [Curran-Gardner Public Water District] was in Russia for personal business and he's logging into the SCADA system? I don't know which is worse, if the story is true or not true.”
He added that the DHS' response to the incident may cause other state terrorism and intelligence centers to withhold information about potential cyberattacks in the future, for fear of being discredited.
Meanwhile, in a separate incident, a hacker with the alias "pr0f," last week posted on Pastebin what appeared to be proof of an intrusion into the systems of a water supplier in the Houston area.
The hacker posted images of the desktop interface of the utility's SCADA system. ICS-CERT is assisting the FBI with the investigation.