Well, we knew this day was coming.
On November 18th, 2011, Kim Zetter reported for Wired on how hackers may have taken control of a city water utility in Springfield, Illinois, and then proceeded to destroy a water pump. The hackers were discovered when water district employees kept having problems with the computer system that controls the pumps (called a SCADA system).
This is where things get interesting. Zetter writes that forensic evidence indicates that the attacks were launched from Russian IP addresses, the hackers may have been in the network as early as September, and the hackers likely infiltrated the system after hacking the software vendor that makes the SCADA system. Even worse, Zetter says that the hackers stole login credentials for a number of public utilities from that same SCADA vendor; as such, additional SCADA systems at other utility plants could possibly be attacked.
It's not absolutely certain that the Illinois SCADA system was hacked. The article quotes DHS spokesman Peter Boogaard as saying “DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois . . . At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”
Moreover, much of the article's information comes from a blog post from noted cybersecurity expert Joe Weiss. Weiss based his information off of an Illinois Public Water District Cyber Intrusion report.
The Wired article can be found here.
***
Mike Ahlers reported for CNN and urged caution about the news of the water pump. Specifically, Ahlers noted that Federal officials had come to no conclusions as to who, if anyone, was responsible for the water plant's troubles. Moreover, the article quoted Sean McGurk, former director of the National Cybersecurity and Communications Integration Center, as saying "This is just one of many events that occur almost on a weekly basis . . . While it may be nice to speculate that it was caused by a nation-state or actor, it may be the unintended consequence of maintenance." Further, McGurk noted that the Illinois report may simply be wrong, and that no one should jump to any conclusions….yet.
The CNN article can be found here.
Leave a Reply