
What you should know about the US water utility SCADA breach

We take a closer look at the pump that was allegedly destroyed by a cyberattack

Here are some key questions and answers about the November 8 break-in of the control network at an American water utility that resulted in attackers burning out a pump.

Some of these answers are based on information from Joseph Weiss, managing partner at Applied Control Systems LLC and author of the book "Protecting Industrial Control Systems from Electronic Threat", who says he got the information from a document he's seen from the Illinois Terrorism Fusion Center, but he wouldn't say how he got it.

What happened?

Someone hacked into the Curran-Gardner Water District network in Illinois and turned the supervisory control and data acquisition (SCADA) network on and off. That network controls the machines that run the water system.

Turning the system on and off in turn turned pumps on and off. The constant stopping and starting of one pump eventually burned it out.

How did the breach happen?

Hackers stole user names and passwords from the company that supplies SCADA software to the water district, including the user names and passwords of its customers. Workers at the waterworks noted glitches in the water district's remote access system for two to three months that could be related to the attack.

Who did it?

That's not certain. Traffic has been traced to an IP address at a Russian ISP, but that doesn't mean that's where the attack originated. It could have hopped from server to server before finally being forwarded from the Russian server.

Why would someone want to burn out a pump at a small water utility where the damage didn't even interrupt water service?

One theory is that the attackers were practicing in preparation for a more significant attack either at the utility or elsewhere. A counterargument is that people planning a future operation would want to keep their reconnaissance secret. Another theory is that in experimenting with what they could do to the SCADA system, they inadvertently burned out the pump. It's unclear what exactly the attackers did during the time they had access to the network. Another theory is that it was amateur hackers messing around with no real plan and they happened to ruin the pump.

Won't logs reveal what they were up to?

Probably not. Logs in SCADA networks keep track of what physically happens to devices, but usually not what goes on within the SCADA system itself. There may be some forensics within the underlying operating systems (generally Unix and Windows) that will shed some light.
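Even when logs record only what physically happens to devices, they can still flag the start/stop cycling described above. The following is an added example, not code from the utility, its vendor, or the original article: the log line format, the device tags, and the threshold of three starts in ten minutes are assumptions to be replaced with the site's own format and the pump's rated limits.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not data from the incident. Assumed line format:
# ISO-8601 timestamp, device tag, new state.
SAMPLE_LOG = """\
2000-01-01T02:00:00 PUMP-1 START
2000-01-01T02:00:00 PUMP-2 START
2000-01-01T02:01:00 PUMP-1 STOP
2000-01-01T02:02:00 PUMP-1 START
2000-01-01T02:02:05 PUMP-1 START
2000-01-01T02:03:00 PUMP-1 STOP
2000-01-01T02:04:00 PUMP-1 START
2000-01-01T02:05:00 PUMP-1 STOP
corrupted-record
2000-01-01T02:06:00 PUMP-1 START
2000-01-01T03:00:00 PUMP-2 STOP
2000-01-01T05:00:00 PUMP-2 START
"""

def parse_events(text):
    """Yield (timestamp, device, state); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] not in ("START", "STOP"):
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_short_cycling(events, max_starts=3, window=timedelta(minutes=10)):
    """Map each device to the first time its starts within `window` exceeded max_starts."""
    recent = defaultdict(deque)   # device -> start times still inside the window
    last_state, alerts = {}, {}
    for ts, dev, state in sorted(events):
        if last_state.get(dev) == state:
            continue              # repeated report, not a real transition
        last_state[dev] = state
        if state != "START":
            continue
        starts = recent[dev]
        starts.append(ts)
        while ts - starts[0] > window:
            starts.popleft()      # drop starts older than the window
        if len(starts) > max_starts:
            alerts.setdefault(dev, ts)
    return alerts
```

Calling `find_short_cycling(parse_events(SAMPLE_LOG))` on the constructed sample flags PUMP-1 at its fourth start and leaves PUMP-2, which cycles hours apart, unflagged.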

What do the authorities say?

The Department of Homeland Security says it and the FBI are gathering facts about the case. DHS says there's no indication of risk to public safety or critical infrastructure.





