November 18th, 2011
09:20 AM ET

Feds investigating whether Illinois "pump failure" was cyber attack

By Mike M. Ahlers

Federal officials confirmed they are investigating whether a cyber attack may have been responsible for the failure of a water pump at a public water district in Illinois last week. But they cautioned that no conclusions had been reached, and they disputed one cyber security expert's statements that other utilities are vulnerable to a similar attack.

Joe Weiss, a noted cyber security expert, disclosed the possible cyber attack on his blog Thursday. Weiss said he had obtained a state government report, dated Nov. 10 and titled "Public Water District Cyber Intrusion," which gave details of the alleged cyber attack culminating in the "burn out of a water pump."

Such an attack would be noteworthy because, while cyber attacks on businesses are commonplace, attacks that penetrate industrial control systems and intentionally destroy equipment are virtually unknown in the U.S.

According to Weiss, the report says water district workers noted "glitches" in the systems for about two months. On Nov. 8, a water district employee noticed problems with the industrial control systems, and a computer repair company checked logs and determined that the computer had been hacked.

Weiss said the report says the cyber attacker hacked into the water utility using passwords stolen from a control system vendor, and that he had stolen other user names and passwords. Weiss said the Department of Homeland Security has an obligation to inform industry about the "water pump" attack so they could protect themselves from similar assaults.

But a DHS spokesman said the cause of the water pump failure is unknown. The DHS and FBI are "gathering facts," DHS spokesman Peter Boogaard said in a statement. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said.

If DHS identifies any useful information about possible impacts to additional entities, it will disseminate it as it becomes available, Boogaard said.

And another computer expert familiar with the incident said the government was acting properly.

"This is just one of many events that occur almost on a weekly basis," said Sean McGurk, former director of the National Cybersecurity and Communications Integration Center. "While it may be nice to speculate that it was caused by a nation-state or actor, it may be the unintended consequence of maintenance," he said.

DHS does not have the luxury of jumping to conclusions, McGurk said. "The department has to ensure that they're sharing information in a way that's valuable to the community," he said.

McGurk also said the state report may be in error, especially if the writer was not a water or control systems engineer. "We see that all the time - initial reports that turn out to be wrong," he said.

Weiss, a frequent critic of DHS, said he was revealing details of the state document because he believes other utilities should be aware of the incident so they could take precautions. DHS should have distributed information about the attack through several entities set up to share information, as well as to private industry groups.

Weiss declined to identify the state - or the region - where the water utility was located, saying the report was marked "For Official Use Only."

But in its statement, the DHS said the water system was located in Springfield, Ill.

Filed under: Cybersecurity • Homeland Security
soundoff (13 Responses)
  1. boxes

    I love your blog.. very nice colors & theme.

    Did you make this website yourself or did you hire someone to do it for you?
    Plz reply as I'm looking to design my own blog and would like to
    know where u got this from. appreciate it

    April 8, 2021 at 12:30 pm | Reply
  2. Leeann Hippo

    Very interesting subject, thanks for putting up.

    March 6, 2021 at 2:21 pm | Reply
  3. Carli Errett

    March 4, 2021 at 11:04 am | Reply
  4. Rachael Shambrook

    Thanks for another fantastic article. The place else may anybody get that kind of info in such an ideal manner of writing? I've a presentation subsequent week, and I am on the look for such info.

    January 28, 2021 at 10:11 pm | Reply
  5. Lisandra Defrank

    With everything which seems to be developing within this particular subject matter, many of your points of view are very radical. Having said that, I am sorry, because I can not subscribe to your entire idea, all be it exhilarating none the less. It seems to everybody that your opinions are actually not completely validated and in fact you are generally yourself not completely convinced of your argument. In any event I did appreciate examining it.

    January 12, 2021 at 1:50 am | Reply
  6. Colton Soberano

    magnificent issues altogether, you simply gained a emblem new reader. What might you suggest about your submit that you simply made a few days in the past? Any sure?

    January 10, 2021 at 11:03 pm | Reply
  7. Raina Counce

    It has always been my belief that good writing like this takes research and talent. It’s very apparent you have done your homework. Great job!

    December 20, 2020 at 7:26 pm | Reply
  8. j3zy9nq895
    弊社は海外安心と信頼のプラダ 時計 コピーです。2016 新作が満載!皆様を歓迎して当店をご光臨賜ります。ロレックス時計コピー,パネライ時計コピー,ウブロ時計コピー ,ブライトリング時計コピー,IWC時計コピー,フランクミュラー時 計コピー,ショパール時計コピー,フェラーリ時計コピー,グラハム 時計コピー,ハリー ウィンストン時計コピー等。サイトは世界一流ブランド }}}}}}

    February 18, 2016 at 11:03 am | Reply
  9. james r.

    Burned out water pumps, sounds a lot like those Iranian centrefuges that were spun out by a stuxnet virus.

    November 18, 2011 at 2:46 pm | Reply
  10. uggs

    I agree with you, but please look at uggs.

    November 18, 2011 at 10:48 am | Reply

Leave a Reply to Raina Counce


CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.