Computer expert Sean
McGurk, shown before a security exercise in 2010, says the government is acting
properly.
STORY HIGHLIGHTS
Federal officials are
investigating possibility "cyber attack" caused plant's pump failure
Water district noted
glitches in control systems for months before failure
Repair effort showed
the district's computer had been hacked
Washington (CNN) --
Federal officials confirmed they are investigating Friday whether a cyber
attack may have been responsible for the failure of a water pump at a public
water district in Illinois last week. But they cautioned that no conclusions
had been reached, and they disputed one cyber security expert's statements that
other utilities are vulnerable to a similar attack.
Joe Weiss, a noted
cyber security expert, disclosed the possible cyber attack on his blog
Thursday. Weiss said he had obtained a state government report, dated Nov. 10
and titled "Public Water District Cyber Intrusion," which gave
details of the alleged cyber attack culminating in the "burn out of a
water pump."
Such an attack would
be noteworthy because, while cyber attacks on businesses are commonplace,
attacks that penetrate industrial control systems and intentionally destroy
equipment are virtually unknown in the United States.
According to Weiss,
the report says water district workers noted "glitches" in the
systems for about two months. On Nov. 8, a water district employee noticed
problems with the industrial control systems, and a computer repair company
checked logs and determined that the computer had been hacked.
Weiss said the report
says the cyber attacker hacked into the water utility using passwords stolen
from a control system vendor and that he had stolen other user names and
passwords. Weiss said the Department of Homeland Security has an obligation to
inform industry about the "water pump" attack so they can protect
themselves from similar assaults.
But a DHS spokesman
said the cause of the water pump failure is unknown. The DHS and FBI are
"gathering facts," DHS spokesman Peter Boogaard said in a statement.
"At this time there is no credible corroborated data that indicates a risk
to critical infrastructure entities or a threat to public safety," he
said.
If DHS identifies any
useful information about possible impacts to additional entities, it will
disseminate it as it becomes available, Boogaard said.
And another computer
expert familiar with the incident said the government was acting properly.
"This is just
one of many events that occur almost on a weekly basis," said Sean McGurk,
former director of the National Cybersecurity and Communications Integration
Center. "While it may be nice to speculate that it was caused by a
nation-state or actor, it may be the unintended consequence of
maintenance," he said.
DHS does not have the
luxury of jumping to conclusions, McGurk said. "The department has to
ensure that they're sharing information in a way that's valuable to the
community," he said.
McGurk also said the
state report may be in error, especially if the writer was not a water or
control systems engineer. "We see that all the time -- initial reports
that turn out to be wrong," he said.
Weiss, a frequent
critic of DHS, said he was revealing details of the state document because he
believes other utilities should be aware of the incident so they could take
precautions. DHS should have distributed information about the attack through
several entities set up to share information, as well as to private industry
groups, he said.
Weiss declined to
identify the state -- or the region -- where the water utility was located,
saying the report was marked "For Official Use Only."
But in its statement,
the DHS said the water system was located in Springfield, Illinois.
By Mike M. Ahlers, CNN
CNN.com
No comments:
Post a Comment