FAQ: What you should know about Illinois water-district SCADA breach

Here are some key questions and answers about the Nov. 8 break-in of the control network at an Illinois water utility that resulted in attackers burning out a pump.

Some of these answers are based on information from Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book "Protecting Industrial Control Systems from Electronic Threat," who says he got the information from a document he's seen from the Illinois Terrorism Fusion Center, but he wouldn't say how he got it.

BACKGROUND: Apparent cyberattack destroys pump at Ill. water utility

What happened?

Someone hacked into the Curran-Gardner Water District network in Illinois and turned the supervisory control and data acquisition (SCADA) network on and off. That network controls the machines that run the water system.

Turning the system on and off in turn turned pumps on and off. The constant stopping and starting of one pump eventually burned it out.

How did the breach happen?

Hackers stole user names and passwords from the company that supplies SCADA software to the water district, including the user names and passwords of its customers. Workers at the waterworks had noted glitches in the water district's remote access system for two to three months that could be related to the attack.

Who did it?

That's not certain. Traffic has been traced to an IP address at a Russian ISP, but that doesn't mean that's where the attack originated. It could have hopped from server to server before finally being forwarded from the Russian server.

Why would someone want to burn out a pump at a small water utility where the damage didn't even interrupt water service?

One theory is that the attackers were practicing in preparation for a more significant attack either at the utility or elsewhere. A counterargument is that people planning a future operation would want to keep their reconnaissance secret. Another theory is that in experimenting with what they could do to the SCADA system, they inadvertently burned out the pump. It's unclear what exactly the attackers did during the time they had access to the network. Another theory is that it was amateur hackers messing around with no real plan and they happened to ruin the pump.

Won't logs reveal what they were up to?

Probably not. Logs in SCADA networks keep track of what physically happens to devices, but usually not what goes on within the SCADA system itself. There may be some forensics within the underlying operating systems -- generally Unix and Windows -- that will shed some light.
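One defensive use of the device-state records this answer says SCADA logs do keep: an added example (not from the article, the utility, or any vendor) that scans constructed pump state-change log lines for the kind of rapid on/off cycling the pump-burnout description above implies. The log format, tag names, window and threshold are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of a device-state log: one line per physical state change
# of a pump, as a SCADA historian might record it. Timestamps, tag names and
# the line format are invented for this example.
SAMPLE_LOG = """\
2011-11-08T02:00:00 PUMP_1 ON
2011-11-08T02:10:00 PUMP_1 OFF
2011-11-08T02:10:30 PUMP_1 ON
2011-11-08T02:11:00 PUMP_1 OFF
2011-11-08T02:11:20 PUMP_1 ON
2011-11-08T02:11:50 PUMP_1 OFF
2011-11-08T02:12:10 PUMP_1 ON
2011-11-08T02:00:00 PUMP_2 ON
2011-11-08T03:30:00 PUMP_2 OFF
"""

def parse_log(text):
    """Yield (timestamp, tag, state) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("ON", "OFF"):
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def find_rapid_cycling(text, window=timedelta(minutes=5), max_changes=4):
    """Return {tag: time_first_flagged} for every pump whose state changed
    more than max_changes times inside any sliding window of length `window`.
    A healthy pump cycles on a scale of hours; a burst of toggles is abnormal."""
    recent = defaultdict(deque)   # tag -> timestamps of recent state changes
    flagged = {}
    # Historians may interleave tags, so order events by time before scanning.
    for ts, tag, _state in sorted(parse_log(text)):
        q = recent[tag]
        q.append(ts)
        while q and ts - q[0] > window:   # drop changes older than the window
            q.popleft()
        if len(q) > max_changes and tag not in flagged:
            flagged[tag] = ts
    return flagged

if __name__ == "__main__":
    for tag, when in find_rapid_cycling(SAMPLE_LOG).items():
        print(f"{tag}: rapid cycling first detected at {when.isoformat()}")
```

A detector like this says nothing about who issued the commands; attribution has to come from the remote-access and operating-system logs the answer mentions.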

What do the authorities say?

The Department of Homeland Security says it and the FBI are gathering facts about the case. DHS says there's no indication of risk to public safety or critical infrastructure.
