It seems like something out of a "24" plotline, but in a frightening new security development, it seems an Illinois water plant came under cyberattack last week. Hackers have been able to infiltrate websites and steal information before, but this is the first known instance of a cyberattack that caused physical damage.
Federal officials confirmed that the FBI and the Department of Homeland Security were investigating damage to the water plant but cautioned against concluding that it was necessarily a cyber-attack before all the facts could be learned. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” said DHS spokesman Peter Boogaard.
The report, which [Joe] Weiss [an industry security expert] read to The Washington Post, describes how a series of minor glitches with a water pump gradually escalated to the point where the pump motor was being turned on and off frequently. It soon burned out, according to the report.
The report blamed the damage on the actions of somebody using a computer registered to an Internet address in Russia. “It is believed that hackers had acquired unauthorized access to the software company’s database” and used this information to penetrate the control system for the water pump.
Experts cautioned that it is difficult to trace the origin of a cyber-attack, and that false addresses often are used to confuse investigations. Yet they also agreed that the incident was a major new development in cyber-security.
“This is a big deal,” said Weiss. “It was tracked to Russia. It has been in the system for at least two to three months. It has caused damage. We don’t know how many other utilities are currently compromised.”