Cyber attack on Ill. water utility gains local attention

OTTUMWA —
A “malfunction” under investigation at an Illinois water works plant may have been sabotage by computer hackers. Iowa plant managers are starting to take notice.

“We take threats very seriously,” said Marty Braster, environmental management specialist for Rathbun Regional Water Association.

The moment he received word of the Illinois incident, he said, he contacted the association’s IT specialist.

Federal authorities say they’re investigating the report of a water pump failure near Springfield, Ill., which may have been committed by foreign computer hackers, The Associated Press reported Monday. One expert said this may be the first successful damage of a U.S. utility by an overseas hacker.

The type of situation being investigated in Illinois could not occur in Ottumwa, said Mike Heffernan, director of Ottumwa Water and Hydro.

When someone outside the Illinois water plant last week allegedly accessed the infrastructure’s computerized control system, they changed the settings on a pump moving the water through the system. That pump burned out and failed.

“Our system in Ottumwa is what we call a ‘closed’ computer system, meaning that it’s not accessible via the Internet,” Heffernan said.

Officials at Rathbun feel the same.

“In talking with our IT person, he does not believe our control system is available to the outside world,” said Braster.

But it is something to pay attention to. He said that security has become tighter since 9/11. Rathbun regional belongs to a water information sharing association, which alerted them to the Illinois situation. Braster said they’ve been in that group since it started and have been warned about all manner of threats. And they have received other computer-related warnings, like the message they received about a computer virus going around. But this is the first computer threat he recalls as being targeted specifically at a community water source.

“It’s important to us.  Any kind of tampering with a water source, where in the past it may have been seen as ‘just a prank,’ we take very seriously, and I know other Iowa water utilities do, too.”

All of them are required to have emergency response plans and go through a vulnerability assessment.

Department of Homeland Security spokesman Peter Boogaard wouldn’t comment on reports that the Illinois failure was the result of hacking.

But he said in a statement Saturday that both his agency and the FBI are investigating the failure.

Don Craven, a trustee for the Curran-Gardner Township Public Water District outside of Springfield, Ill., says the water district has over 2,000 rural customers, but because there are multiple pumps, there was never a break in service.

Boogaard said there’s no information indicating a current threat to public safety.

— The Associated Press contributed to this story.

Article source: http://ottumwacourier.com/local/x67373281/Cyber-attack-on-Ill-water-utility-gains-local-attention

View full post on National Cyber Security » Virus/Malware/Worms