FBI, DHS Say No Evidence of a Hack in an Illinois Water District Pump Failure

The FBI and Department of Homeland Security say they can't find evidence to confirm any part of the story that an Illinois water authority's SCADA network was hacked and that the hack burned out a pump in the system.

"There is no evidence to support ... claims that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," according to a story published by the BBC.

"In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported."

Word of a possible hack of the supervisory control and data acquisition (SCADA) system came out last week in a blog by Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book Protecting Industrial Control Systems from Electronic Threat.

Weiss says he saw a document from the Illinois Statewide Terrorism and Intelligence Center (STIC) that states user names and passwords were stolen from the SCADA consultant to the Curran-Gardner water district. The district noted what are referred to as glitches in its remote access system over the past few months.

Then earlier this month, someone accessing the network from a Russian IP address managed to turn the SCADA system on and off, which also turned the pump on and off, which resulted in its failure, he says.

The investigation by federal agencies found nothing to back up the story, but it didn't report any alternative reason for the pump problem.

The federal statement is at odds with a statement made by the chairman of the water authority, Don Craver, to WLS-TV in Chicago.

"There's some indication there was a breach of some sort into a software program -- the SCADA system -- that allows remote access to the wells, and the pumps, and those sorts of things," Craver is quoted as saying.

Weiss says in a later blog that the notification he read from Illinois STIC should have been enough to trigger a cyber-attack response. "If DHS turns out to be correct in its assumptions, then anyone acting on the STIC warning would have been wasting precious resources addressing a problem that doesn't exist."

He says the system for issuing warnings needs to be scrutinized. If the STIC report is true, there was no response as there should have been. If the DHS is right, the STIC made an error that it hasn't acknowledged. The situation as it exists lacks both timely notification if there was an incident, and correct information if there wasn't.

Copyright © 2011 IDG Communications, Inc.