Feds probing possible cyberattacks at Illinois, Texas utilities
Water utilities across the country are being urged to step up their cybersecurity in the wake of two incidents in which hackers gained access to computer systems that control pumps, pipes and reservoirs.
“We have alerted our members to these two possible incidents and advised them to monitor their [computer] systems and review their protection” procedures, Michael Arceneaux, deputy executive director of the Association of Metropolitan Water Authorities, told The Washington Times.
Federal officials said they were investigating, but downplayed the incidents, saying there was no evidence of a threat to public safety.
Earlier this month, the Illinois Statewide Terrorism and Intelligence Center reported a cyber-attack on a small, rural water utility outside Springfield. Hackers, apparently based in Russia, gained access to the utility’s computer systems and burned out a water pump by turning it on and off repeatedly, the center said in a bulletin dated Nov. 10. If the report is correct, it would the first cyber-attack against U.S. infrastructure by foreign hackers.
On Friday, a hacker calling himself “Pr0f” posted screen shots from his computer showing him logged onto the control system of a water utility in the Texas town of South Houston. He said he had hacked the system to demonstrate the “insanely stupid” attitudes of federal officials who were playing down reports of the Springfield attack.
“I wouldn’t even call this a hack,” Pr0f wrote. “This required almost no skill and could be reproduced by a 2-year-old.”
He said the control systems were easily accessible from the public Internet, but that he had not damaged them because “I don’t really like mindless vandalism. It’s stupid and silly.”
In both the Illinois and Texas cases, the cyber-attacks targeted special computerized equipment that remotely controls water pumps, pipelines and reservoirs. Such equipment, known as Supervisory Control and Data Acquisition (SCADA) systems or Industrial Control Systems (ICS), is widely used by water and sewage systems, power stations, oil refineries, chemical plants and other vital industrial infrastructure in the U.S. and around the world.
ICS increasingly has been the target of hackers since the Stuxnet cyber-attack crippled the Iranian nuclear program in 2009.
“We’ve been advised that there may have been a cyber-attack against our SCADA system,” Donald M. Craven, one of seven elected trustees of the Curran-Gardner Public Water District near Springfield, told The Times on Sunday.
The Department of Homeland Security and the FBI “are gathering facts surrounding the [Illinois] report,” Homeland Security spokesman Peter Boogaard said Friday. “At this time, there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”
“I dislike, immensely, how the DHS tend to downplay how absolutely [expletive] the state of national infrastructure is,” Pr0f responded.
A Homeland Security Department spokesman had no immediate response to Pr0f’s comments.
Rep. James R. Langevin, Rhode Island Democrat and a member of the House Permanent Select Intelligence Committee, predicted more and worse cyber-attacks on civilian U.S. infrastructure.
“These sorts of incidents are only going to become more and more common as we delay necessary reforms that would make our SCADA systems more secure,” he said.
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.