A closer look // By Eugene K. Chow

Water pumps and terrorism-related information sharing systems

Published 19 January 2012

With thousands of local law enforcement agencies, critical infrastructure operators, and concerned citizens reporting suspicious incidents, Homeland Security officials are inundated with data, and effectively sorting through that information is a problem. This was illustrated last November by a report that a water pump at an Illinois water utility had been broken by Russian hackers; the preliminary report caused panic about U.S. infrastructure vulnerability but ultimately proved incorrect. It took federal investigators more than a week to reach that conclusion, showing DHS’s ongoing problems with streamlining information sharing with its Fusion Centers.

With thousands of local law enforcement agencies, critical infrastructure operators, and concerned citizens reporting suspicious incidents, Homeland Security officials are inundated with a deluge of data and effectively sorting through that information has proven to be a problem.

In an illustrative case, last November a report that a water pump at an Illinois water utility was broken by Russian hackers was leaked to the press.

The report, which had not been fully investigated or confirmed by authorities, caused a panic among critical infrastructure operators, confirming their worst nightmares that a Stuxnet-like attack on industrial control systems had finally reached the United States.

At the time Joe Weiss, the first to report on the story and the head of Applied Control Solutions, which specializes in securing industrial control systems, said in an interview with the Christian Science Monitor, “This is a big deal.

“It’s arguably the first case where we’ve had critical infrastructure targeted by people outside the U.S. and equipment damaged as a result. But the really big issue is that someone hacked a [software vendor who sells control systems to water utilities] just to get at the user-IDs and passwords for the utilities that were its customers,” Weiss explained.

The media continued to pick up the story with major news outlets including the Washington Post and MSNBC reporting on the incident. As the story gathered steam, DHS and FBI officials insisted that nothing had been confirmed yet and a team of investigators had been dispatched to examine the incident.

After more than a week of speculation and panic, officials announced that, “After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois.”

The wild speculations began on 10 November when the Illinois Statewide Terrorism and Intelligence Center (STIC), one of seventy-two Fusion Centers nationwide, issued a brief report titled “Public Water District Cyber Intrusion.” STIC sent the report on to DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), as protocol required, but ICS-CERT said it was only “made aware of” the report on 16 November.

While waiting to hear back from federal officials, STIC got cold feet and decided to consult with Weiss, who went on to mention the report on his blog, resulting in the media frenzy.

In its statements on the incident, the FBI and DHS directly addressed the leak.

There is no evidence to support claims made in initial