Thursday, November 24, 2011

Rumored as (but not) The First Known Cyber Attack on American Utility

This was very interesting article by By at The Washington Post titled:

Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says

Below is the first paragraph from Ellen Nashima's very interesting article:
"Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life."

Below is a snippet regarding that the facts are still being gathered:
"Federal officials confirmed that the FBI and the Department of Homeland Security were investigating damage to the water plant but cautioned against concluding that it was necessarily a cyber-attack before all the facts could be learned. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” said DHS spokesman Peter Boogaard."
 After Y2K efforts, I was under the wrong assumption that the security of the utility systems were being addressed.  It would be interesting to know exactly what the utilities have been doing for the past 11 years.   This is why we need more emphasis and cross pollination of computer security in colleges and universities in disciplines outside of computer science such as mechanical engineering.

Later, this was update by Ellen Nakashima with the following (thanks npg):
Federal officials said Wednesday they have found no evidence to support an initial state report that foreign hackers caused a pump at an Illinois water plant to fail this month.
Below is from the article that was quite surprising to read:   "The contractor, who had remote access to the computer system, was in Russia on personal business, the source added."
I could certainly see why that would get someone's attention :-)