November 23, 2011    /    by

New Report: Illinois Water System Was Not Hacked

The Department of Homeland Security (DHS) announced that the Illinois water system in Springfield was not hacked.

  The Department of Homeland Security (DHS) announced that the Illinois water system in Springfield was not hacked.

 According to Reuters:

 "Federal investigators have concluded that a burned out pump at an Illinois water treatment facility was not caused by foreign hacking, the Department of Homeland Security said Tuesday.

DHS and the FBI were working with the Curran-Gardner Public Water District in Springfield, Illinois, to try to determine why the pump burned out earlier this month.

'DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported,' DHS spokesman Chris Ortman said in an emailed statement."

 Meanwhile, other reports, such as the BBC, chose to focus on the "FBI plays down claim that hackers damaged US water pump."

 "The FBI and the Department of Homeland Security said they had 'found no evidence of a cyber intrusion'.

The Illinois Statewide Terrorism and Intelligence Center (STIC) previously claimed a hacker with a Russian IP address caused a pump to burn out.

A security expert, who flagged up the story, said he was concerned about the conflicting claims."

  On Monday of this week, I published the blog: Hacking Illinois Water: Seven Questions and Six Answers. In that piece, I included this question and answer:

Question 2) Are we sure that the pump failed as a result of a cyber attack?

Answer: No, but it looks likely. The Daily Mail (UK) reported:  “The Department of Homeland Security confirmed that a water plant in Springfield, Illinois, had been damaged.

However spokesman Peter Boogaard said officials had yet to confirm that the pump failure was the result of a cyber-attack.”

It now appears as if this Illinois situation was a false alarm in regards to a foreign cyber attack. At the very least, the facts revealed cannot prove a cyber attack.

 If there is a lesson for the entire security and government technology communities, it may be this: Be careful what information and claims are released and when. Still, I believe that question seven in my original blog is still very relevant.

Any thoughts on this case?  Will a cyber attack on critical US infrastructure be coming soon?