IL water system pump failure not cyber attack

New reports on Nov. 28 backed initial DHS skepticism about claims that the failure of a pump at an Illinois water utility was caused by a foreign cyber attack on the system’s supervisory control and data acquisition (SCADA) system.

The Washington Post reported on Nov. 28 that the failure of a water pump was the result of an error by one of the utility’s contractors who was travelling in Russia at the time and accessing the SCADA system remotely. The report backs earlier conclusions by DHS cyber security teams that the failure of the pump at Curran-Gardner Public Water District in Springfield, IL, wasn’t the work of Russian cyber criminals or agents.

The pump’s failure in early November was widely reported to have been the first successful cyber attack on a physical facility. The pump was instructed electronically to cycle on and off repeatedly, which burned it out.

The Illinois Statewide Terrorism & Intelligence Center (STIC) had issued a report on the incident in its Nov. 10 Daily Intelligence Notes, titled “Public Water District Cyber Intrusion,” that detailed initial findings of anomalous behavior in a SCADA system at a Central Illinois public water district. The report also alleged a malicious cyber intrusion from an IP address located in Russia that caused the SCADA system to power on and off, resulting in the pump burning out.

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in a Nov. 23 post on its website that the suspicion of a cyber attack wasn’t supported. It said initial analysis of log files couldn’t validate any evidence to support the assertion that a cyber intrusion had occurred.

ICS-CERT said it reached out to Curran-Gardner Public Water District to gather detailed information and to offer support and analytics to uncover what caused the pump to fail, but said there still wasn’t evidence of a cyber attack.

“After detailed analysis of all available data, ICS-CERT and the FBI found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District,” it said. To reach that conclusion, ICS-CERT and the FBI deployed fly-away teams to interview personnel, perform physical inspections, and collect logs and artifacts for analysis.

“In addition, there is no evidence to support claims made in the initial Illinois STIC report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant,” it said. “In addition, DHS and the FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported,” it said.

