Friday, November 25, 2011

Confusion over cyberattack on US water plant

Federal investigators have concluded that a burned-out pump at an Illinois water treatment facility was not caused by foreign hacking, the Department of Homeland Security said Tuesday.

Illinois hit the headlines in America last Friday after it was suggested that the water plant may have been the subject of a cyberattack originating from Russia. But the denials have raised more questions than answers in the cyber security community.

Initial reports

CNN was just one of a number of broadcasters which ran with the story, and asked whether electricity, gas and telecommunications infrastructure was safe from hackers [CNN video].

Writing on his blog on Thursday 17th November, Joe Weiss, a noted cyber security expert, had disclosed the possible cyberattack claiming he had obtained an STIC [State Terrorism & Intelligence Center] report detailing a possible intrusion. The report, dated November 10th and titled "Public Water District Cyber Intrusion," gave details of the alleged cyberattack culminating in the "burnout of a water pump." [The Verge]

"No malicious traffic"

But one week on, the Department of Homeland Security [DHS] and the FBI said the failure was not due to a cyberattack. In an emailed statement to news organisations, DHS spokesman Chris Ortman said, "DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported."

Another DHS cybersecurity official, who spoke privately because he was not authorized to give interviews, said that while the company had some "pretty good logs" [of traffic in its system] there were likely to be "many reasons for a motor or pump to burn out." [MSNBC / CNET]

Texas plant also investigated

However, the Illinois plant was not the only facility being investigated. US investigators said they were looking into claims that a hacker broke into computers at a Texas water system. The investigation was prompted after a hacker who goes by the handle "pr0f" published schematic diagrams that appeared to be of facilities from the South Houston water system on a website known as Pastebin.com sometime on Friday [18th November]. Shauna Dunlap, a special agent with the FBI's Houston Division, said on Tuesday that the DHS was also assisting with the investigation.

Security concerns

Cybersecurity experts have warned for years that parts of the US critical infrastructure, particularly water and electrical plants, have only rudimentary defences against hackers. The important Supervisory Control and Data Acquisition [SCADA] systems which operate the plants are the focus of investigators, and cyber experts are advising companies to boost their security.

Stewart Baker, a cyber expert and DHS veteran, says that many companies often left default user names and passwords in place when they bought software, leaving their systems wide open to hackers.

While the FBI and DHS have said hackers were not involved in the Illinois incident, utility companies should not be complacent, Weiss and others warn. In his 17th of November blogpost, Weiss outlines a number of key concerns. Even following the denial by the FBI and DHS concerning hacking claims, Weiss maintains that a number of issues still need to be addressed. In a blogpost published 22nd November, Weiss says information needs to be disseminated in a more timely manner and that security still needs to be tightened.

Contradictory reports

Weiss also raises the question concerning contradictory reports being disseminated by authorities. The "DHS statement released recently appears to conflict with the STIC report and its positive statements that an event had occurred," Weiss says. "This begs the question why two government agencies disagree over whether a cyber event that damaged equipment had occurred at a water utility."

There will be some skepticism and confusion in the cyber security community due to the contradictory reports. Some may not even be aware of the dismissal by authorities concerning the case. Reports of the alleged hacking gained far more attention than the denial. While CNN reported on the apparent cyberattack, there was no prominent follow-up report. The BBC, AFP and a number of other websites did publish the story, but many may well have missed it. As such, there may be many who still believe Russian hackers attacked a US water plant. True or not, cyberattacks need to be taken seriously, and individuals and companies need to bolster their security to counter the very real threat.

tvnewswatch, London, UK
