UPDATED 11:50 EDT / NOVEMBER 23 2011

NEWS

Department of Homeland Security Slams Reports of Cyber Sabotage at Illinois Water Pump

The Department of Homeland Security has revved up their engines to run circles around widespread media reports that hackers had taken control of a water pumping station in Springfield, Illinois. The report of the hacking incident suggested that Russian IP addresses had been implicated in damaging a piece of critical water infrastructure; this was based entirely on revelations by Joe Weiss, security consultant and managing partner of Applied Control Solutions.

At the time DHS spokespeople urged caution in thinking that hackers had allegedly attacked and sabotaged the pump; now they’re back for blood less than a week later to take the wind out of the sails of the report.

KrebsOnSecurity wrote up a lengthy examination of the allegations levied by Weiss and the response received from the DHS on the matter. In which the DHS roasted Weiss’ analysis of the situation and continued to hold fast to their initial caution that no evidence suggested that this indeed was a cyber incident, citing that Weiss lacked any solid evidence or information to support his claims.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the DHS tasked with investigating these events, said they could find nothing to connect the incident to anything cyberterrorism related. In their report they went on to scathe the lack of evidence,

“There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant,” the ICS-CERT alert states. “In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported.  Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.”

Weiss has since blogged about the ICS-CERT statement, and he’s not convinced.

“The real thing that bothers me is how could there be such substantial amount of information provided where a lot of it is really a simple yes or no situation,” Weiss said. “Was there a Russian [Internet] address involved or wasn’t there? The Illinois facility also said their technician had observed these abnormalities for 2-3 months. Well, either he did or he didn’t.”

As part of the ICS-CERT report, also mentioned was another water infrastructure facility apparent cyber incident that happened in Texas as widely reported last week. In that intrusion a hacker using the handle “prof” claimed to have gotten access to a water control systems plant, he even published screenshots online.

The ICS-CERT says only that it’s still investigating that incident as well.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU