MRO Magazine

Cyberattack on water utility disables water pump


November 19, 2011
By MRO Magazine

Illinois, USA — A Russian cyberattack on the computer control systems of a US water utility system in the state of Illinois earlier this month burned out a water pump, according to a recent state report. The attack may be the first known attempt to successfully destroy a piece of critical US infrastructure, say industrial control-system experts, according to a news story reported by the Christian Science Monitor.

The US Federal Bureau of Investigation and other agencies are investigating the Nov. 8, 2011, cyberattack, said Peter Boogaard, a spokesman for the US Department of Homeland Security (DHS), in a written statement. The name of the utility was not released.

The implications of the attack could be far broader than just wrecking a single pump. Hackers may have also stolen passwords and other information needed to gain access to many more water utility control systems across the United States, according to the Nov. 10 report by the Illinois Statewide Terrorism and Intelligence Center, a federal-state cooperative venture. Some of its details were revealed Thursday on the blog of Joe Weiss, president of Applied Control Solutions and a control-system security expert.

The attack occurred just over a year after the discovery of Stuxnet, the first publicly confirmed cyber superweapon – a digital guided missile that could emerge from cyberspace to destroy a physical target in the real world. Its target was Iran’s nuclear fuel facilities, and security experts predicted that copycat attacks on real-world industrial equipment could follow within a year or two.

The Nov. 8 attack in Illinois wasn’t a Stuxnet-type attack, but it suggests a higher level of interest among hackers in controlling industrial systems – and sabotaging them.

“This is a big deal,” Weiss says. “It’s arguably the first case where we’ve had critical infrastructure targeted by people outside the US and equipment damaged as a result. But the really big issue is that someone hacked a [software vendor who sells control systems to water utilities] just to get at the user-IDs and passwords for the utilities that were its customers.”

“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Ill.,” said Boogaard. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”

An analysis of the Illinois water utility company’s computer logs indicates the attack came from the Internet address of a computer in Russia. The Illinois centre’s report is titled “Public Water District Cyber Intrusion,” according to Weiss. He read sections of the report, marked “For Official Use Only,” to this reporter. The details were confirmed by a water industry expert, who has seen a similar official document and asked to remain anonymous for fear of being excluded from confidential reports in the future.

“Sometime during the day of Nov. 8, a water district employee noticed problems with the SCADA [Supervisory Control And Data Acquisition] system,” said Weiss, quoting the report. “It [the SCADA system] was going on and off, resulting in the burnout of the pump.”

A technician who checked the logs of the SCADA system found that “the system had been remotely hacked into from an IP address located in Russia,” Weiss said, continuing from the report.

But the hackers had likely been inside the utility’s computer systems for at least several months because “workers had begun to notice minor glitches” in the system access function as early as September, Weiss said.

The report also said: “It is unknown at this time the number of SCADA usernames and passwords acquired from the software company’s database, and if any additional SCADA systems have been attacked as a result of the theft.”

If true, the theft could have alarming consequences, because it indicates hackers infiltrated the Illinois control system only after gaining access to it, apparently from a software supplier to the utility, Weiss said, and other experts confirmed.

More details on this Christian Science Monitor story can be found here: http://www.csmonitor.com/USA/2011/1118/Cyberattack-on-Illinois-water-utility-may-confirm-Stuxnet-warnings.