
America's critical infrastructure security response system is broken

Possible cyberattack on SCADA system at small Illinois water plant highlights weakness in U.S. system of "Fusion Centers"

By , Network World
December 01, 2011 03:57 PM ET

Network World - The flap over the reported water utility hack in Illinois raises the question: Is the reporting system that the U.S. has set up to identify cyberattacks on critical infrastructure broken and in need of rethinking?

FBI, DHS say no evidence of a hack in an Illinois water district pump failure

Since the year 2000, the Department of Homeland Security (DHS) has encouraged states and cities to establish so-called "Fusion Centers" to operate under local control and collect information from the likes of power companies and water utilities about incidents that might have national-security implications.

There are now 72 of these Fusion Centers in the U.S., which vary in their practices, according to DHS. When one of them, the Illinois Statewide Terrorism and Intelligence Center (STIC), issued a brief report on Nov. 10 titled "Public Water District Cyber Intrusion," it led to a firestorm of controversy, putting what has been a secretive reporting system in the harsh glare of the public spotlight, and highlighting the intrinsic weakness in the way the U.S. critical-infrastructure incident reporting system works today.

The Illinois STIC report said there had been a cyberattack from Russia on a SCADA (supervisory control and data acquisition) system used by an unnamed Illinois water-supply company to control its water pumps, leading to the burnout of a pump as it was repeatedly turned on and off. In addition, the STIC report said an unnamed information technology services company looking at the SCADA system believed the hackers had been going after the SCADA system for several months, trying to get user names and passwords.

The STIC report was sent on to the DHS for its review, which DHS says is the usual process. But the DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) later said it was only "made aware of" the report on Nov. 16.

The report, shared among those associated with the Illinois STIC, was expected to remain confidential. But the operator of a utility company associated with the Illinois STIC, who was troubled by this report and looking for advice, shared it with a well-known energy-industry consultant, Joe Weiss, head of Applied Control Solutions.

When Weiss mentioned the report in his blog, a media firestorm ensued, with the Washington Post and other news sources describing it as perhaps the most significant cyberattack on U.S. critical infrastructure.

Once the media blitz erupted, the DHS and FBI took to publicly describing how, in coordination with ICS-CERT, they had sent a team off to the Illinois water facility. The feds were the first to name it as the Curran-Gardner Townships Public Water District in Springfield, Ill., which serves just over 2,000 customers.

ICS-CERT on Nov. 23 issued a bulletin that said once it had received the Illinois STIC report on Nov. 16, the organization "reached out to the STIC to gather additional information. ICS-CERT was provided with a log file; however, initial analysis could not validate any evidence to support the assertion that a cyber intrusion had occurred."
