Thursday, December 1, 2011

DHS and FBI have disputed that the Springfield, Illinois incident was a cyberattack

Apparent cyberattack destroys pump at Illinois water utility

A pump at a public water utility in Springfield, Illinois was destroyed after cyberattackers gained access to a SCADA system controlling the device, according to a security expert who obtained an official report on the incident.

CS-CERT has released the following statement saying that DHS and FBI have disputed that the Springfield, Illinois incident was a cyberattack.

ICS-CERT is assisting the FBI to gather more information about the separate Houston incident.

>UPDATE - Recent Incidents Impacting Two Water Utilities
ICSJWG Communications [ICSJWG.Communications@HQ.DHS.GOV]


Greetings:

After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.

There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant. In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported. Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.

In a separate incident, a hacker recently claimed to have accessed an industrial control system responsible for water supply at another U.S. utility. The hacker posted a series of images allegedly obtained from the system. ICS-CERT is assisting the FBI to gather more information about this incident.

ICS-CERT has not received any additional reports of impacted manufacturers of ICS or other ICS related stakeholders related to these events. If DHS ICS-CERT identifies any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available. ICS-CERT encourages those in the industrial control systems community who suspect or detect any malicious activity against/involving control systems to contact ICS-CERT.

Regards,

ICS-CERT
E-mail: ics-cert@dhs.gov
Toll Free: 1-877-776-7585
For CSSP Information and Incident Reporting: www.ics-cert.org

No comments: