Turn off the faucet: Foreign hackers target a water treatment plant

Foreign hackers may have broken into the computers of a water treatment plant in Illinois last week and damaged a water pump,  according to the Washington Post.

The attack appears to be the first malicious cyber assault against a critical infrastructure computer network in the U.S., according to an expert cited by the newspaper.

The attack was noticed on Nov. 8, when there were problems with the city’s water pump control system. A technician figured out the system had been remotely attacked via a computer in Russia, said Joe Weiss, an industry security expert who obtained a copy of the state’s report on the incident.

The Department of Homeland Security told the Post that a water plant in Springfield, Ill., had been damaged, but they had not yet verified that the failure was caused by a cyber attack.

Dave Marcus, director of security research for McAfee Labs, told the Post that critical systems in the U.S. are vulnerable to attacks over the Internet and few operators of the infrastructure know how to detect them.

It reminds us of a talk by John McNabb, a security expert who spoke at the Defcon hacker conference in Las Vegas in August. He said that it was exceedingly easy to break into and disrupt water meters. McNabb’s talk a year earlier also warned about how easy it might be to attack water treatment facilities. In 2010, he said that water infrastructure cyber attacks had increased 367 percent over more than a decade and about 22 percent of them are malware. The water facilities often use Siemens’ SCADA industrial software, which can be attacked. He concluded that water infrastructure is too big and too exposed to be 100 percent protected from attack, though he was more worried about bombs than cyber attacks.

Below is a video of McNabb’s talk about attacks on water infrastructure.

blog comments powered by Disqus