Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack

America’s Critical Infrastructure Security Response System Is Broken: NetworkWorld

On December 1st, 2011, Ellen Messmer wrote for NetworkWorld on how the broken security response system for America's critical infrastructure led to the media firestorm over Springfield's burnt out water pump.  Again, the initial story was that hackers had broken into a Springfield water utility and destroyed a water pump; the DHS/FBI concluded that the water pump had simply burnt out, without the help of hackers. 

However, a media firestorm erupted when a security blogger got a hold of a preliminary report from an Illinois fusion center and published it.  According to the article, a fusion center is a DHS initiative for cities and states to create entities that collect utility information that has national security implications.  The Illinois fusion center initially (and wrongly) reported that a cyberattack had come from Russia.  The article notes that this report was meant to be confidential, and DHS saw the report long after the report went public.

In effect, the article argues that the Springfield water utility episode highlights how the US critical infrastructure security response needs work.

The rest of the article can be found here.

***

A few days ago I had written about comments made by the FBI's cyberdivision deputy assistant director, Mike Welch.  Mr. Welch had made comments to the effect that there had been more cyberattacks on critical infrastructure.  There hasn't been any reported news about those attacks.   However, buried at the bottom of a PCWorld article about how water utilities are still at risk, the author seems to have resolved the issue. 

The author indicates that he had too posted the comments from Mr. Welch, and the FBI contacted him to tell him that the "the quotes in the article were misleading, and taken out of context, and should not be construed as any sort of official statement or position of the FBI."  

For what it's worth, no one has confirmed or denied the authenticity of a cyberattack on a Houston water plant.

Leave a Reply