Hacking Illinois Water: Seven Questions and Six Answers

The top technology story at the end of last week involved multiple news sources reporting a cyber attack that penetrated a US public water system in Illinois. Here’s what we know, and what we don’t.

by Dan Lohrmann / November 21, 2011


Question 1) What happened to prompt the concern?

Answer: An Illinois water system pump was (reportedly) turned on and off repeatedly until it failed.

According to the Breitbart article “Foreign cyber attack hits US Infrastructure: expert”:

“The Illinois Statewide Terrorism and Intelligence Center disclosed the cyber assault on a public water facility outside the city of Springfield last week but attackers gained access to the system months earlier according to Joseph Weiss (managing partner from Applied Control Solutions).

The network breach was exposed after cyber intruders burned out a pump.

‘No one realized the hackers were in there until they started turning on and off the pump,’ according to Weiss.”

Question 2) Are we sure that the pump failed as a result of a cyber attack?

Answer: No, but it looks likely. The Daily Mail (UK) reported: “The Department of Homeland Security confirmed that a water plant in Springfield, Illinois, had been damaged.

However spokesman Peter Boogaard said officials had yet to confirm that the pump failure was the result of a cyber-attack.”

Question 3) How did the hackers gain enough access to bring down the water pump?

Answer: According to a report from the Illinois Terrorism and Intelligence Fusion Center, cyber attackers broke into a software company’s database and got hold of user names and passwords of various control systems that run water plant computer equipment.

Computerworld reported:

“The attackers are thought to have obtained the usernames and passwords to the system by first breaking into a computer belonging to the utility's SCADA software vendor. SCADA vendors often maintain a list of usernames and passwords for accessing systems at customer locations for support purposes. Anyone with those credentials can gain access to the customer system, which is what appears to have happened here.”
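The two signals described above (a vendor support account logging in from an unexpected source, then a pump being cycled on and off until it fails) are the kind a utility can watch for in its own remote-access and control audit records. The following is an added example written for this post, not code from the article or from any vendor; the log format, field names, allowlisted ranges and thresholds are all assumptions, and the sample records are constructed.

```python
# Added example (not from the article): detection logic over constructed
# remote-access and pump-command audit records. Fields and thresholds are assumed.
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: vendor support logins are only expected from these ranges.
VENDOR_SUPPORT_ALLOWLIST = [ip_network("203.0.113.0/24")]  # constructed (TEST-NET-3)
MAX_TOGGLES = 4            # pump commands from one session per window before alerting
TOGGLE_WINDOW = timedelta(minutes=10)

# Constructed sample records: "timestamp,user,source_ip,event,detail"
SAMPLE_LOG = """\
2011-11-08T02:11:05,vendor_support,203.0.113.7,LOGIN,ok
2011-11-08T02:40:00,vendor_support,198.51.100.23,LOGIN,ok
2011-11-08T02:41:10,vendor_support,198.51.100.23,PUMP_CMD,START
2011-11-08T02:42:30,vendor_support,198.51.100.23,PUMP_CMD,STOP
2011-11-08T02:43:45,vendor_support,198.51.100.23,PUMP_CMD,START
2011-11-08T02:44:50,vendor_support,198.51.100.23,PUMP_CMD,STOP
2011-11-08T02:46:02,vendor_support,198.51.100.23,PUMP_CMD,START
2011-11-08T14:00:00,operator1,10.0.5.12,PUMP_CMD,STOP
"""

def parse(log_text):
    """Parse the comma-separated audit lines into dicts with typed fields."""
    rows = []
    for line in log_text.strip().splitlines():
        ts, user, ip, event, detail = line.split(",")
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "ip": ip_address(ip), "event": event, "detail": detail})
    return rows

def find_alerts(rows):
    """Alert on (1) a vendor account logging in from outside the allowlist and
    (2) more than MAX_TOGGLES pump commands from one user+source in TOGGLE_WINDOW."""
    alerts = []
    cmd_times = {}  # (user, ip) -> timestamps of recent pump commands
    for r in rows:
        if r["event"] == "LOGIN" and r["user"].startswith("vendor_"):
            if not any(r["ip"] in net for net in VENDOR_SUPPORT_ALLOWLIST):
                alerts.append(f"vendor login from unexpected source {r['ip']} at {r['ts']}")
        elif r["event"] == "PUMP_CMD":
            key = (r["user"], r["ip"])
            times = [t for t in cmd_times.get(key, []) if r["ts"] - t <= TOGGLE_WINDOW]
            times.append(r["ts"])
            cmd_times[key] = times
            if len(times) > MAX_TOGGLES:
                alerts.append(f"rapid pump cycling by {key[0]}@{key[1]}: {len(times)} commands in {TOGGLE_WINDOW}")
    return alerts

ALERTS = find_alerts(parse(SAMPLE_LOG))  # two alerts for the constructed sample
```

Run against the sample, the off-allowlist login and the fifth pump command within ten minutes each raise an alert, while the single operator command from the plant network does not.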

Question 4) Was anyone harmed or did customers lose water service?

Answer: No. Other pumps and/or systems maintained service during the pump failures.

Question 5) Why is this such a big deal? Why is this a top story around the world if no one was hurt?

Answer: The potential ramifications of having a confirmed (successful) cyber attack against (any) critical infrastructure are enormous. Besides the implications for our water, there are fears of attack against transportation, electricity or other important infrastructure sectors. Yes, each sector has plans for defense.

There are vulnerable critical infrastructure components, and there are many programs that attempt to protect these systems from a cyber or other attack.  NERC and other organizations have spent millions of dollars to start building the smart grid, which may also be susceptible to a cyber attack.

If this failure is confirmed as a cyber attack, the sense of urgency will only increase. Many experts believe that a 21st Century “cyber war” is coming and will be like the previous “cold war” of the 20th Century.

Movies like Live Free or Die Hard (“Die Hard 4”) demonstrate a worst-case cyber attack scenario against critical infrastructure – but remember that this is fiction, exaggerated to entertain.

Question 6) Are there any other water systems or other utilities that were compromised by the same cyber incident?

Answer: This is still being investigated right now. Several sources believe that other systems may have been compromised. Either way, the implications to the wider Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) community are huge.

If you need help, each sector has plans and programs, but you can start with this Critical Infrastructure Protection (CIP) website at DHS.

Question 7) Was this a cyber “test” by the bad guys? Is this the beginning of a dangerous hacker trend?

Answer: You decide. Time will give us the answer, but we’d better plan for the worst while we hope for the best. Either way, this should be a cyber wake-up call for America.


Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.

During his distinguished career, he has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader.
Lohrmann led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprisewide Chief Security Officer (CSO), Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) roles in Michigan.

He currently serves as the Chief Security Officer (CSO) and Chief Strategist for Security Mentor Inc. He is leading the development and implementation of Security Mentor’s industry-leading cyber training, consulting and workshops for end users, managers and executives in the public and private sectors. He has advised senior leaders at the White House, National Governors Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses and nonprofit institutions.

He has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web and BYOD for You: The Guide to Bring Your Own Device to Work. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington, D.C., to Moscow.

He holds a master's degree in computer science (CS) from Johns Hopkins University in Baltimore, and a bachelor's degree in CS from Valparaiso University in Indiana.

Follow Lohrmann on Twitter at: @govcso