The United States Department of Homeland Security cried foul yesterday morning, debunking claims from both the Illinois Statewide Terrorism and Intelligence Center (STIC) and Applied Control Solutions that a water station in Illinois was hacked earlier this month.
A flurry of reports late last week described an attack on an unnamed Springfield, Ill. water treatment facility where the plant’s supervisory control and data acquisition (SCADA) software was compromised by Russian computers.
At the time, DHS spokesperson Peter Boogaard reported that the DHS and FBI were investigating the alleged pump failure. This week, however, they released a statement claiming they “found no evidence of a cyber intrusion.” According to an e-mail to state, local and industry officials, DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said that no credentials were stolen and that there was no unsanctioned traffic from Russia, as previous claims had asserted.
ICS-CERT’s full statement, according to security blog KrebsOnSecurity, reads as follows:
“There is no evidence to support claims made in the initial Fusion Center report – which was based on raw, unconfirmed data and subsequently leaked to the media – that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant,” the ICS-CERT alert states. “In addition, DHS and FBI have concluded that there was no malicious or unauthorized traffic from Russia or any foreign entities, as previously reported. Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.”
The statement is in stark contrast to the one first penned by Joe Weiss, a security consultant at Applied Control Solutions who ruminated on the report initially issued by the STIC.
Weiss has since posted an update on the Unfettered blog in an attempt to clarify the ‘he said, she said’ situation between STIC and the DHS.
“At issue is that we need to be quickly informed if an event has occurred so that others who have similar equipment or architectures can take steps to protect themselves in case the event spreads. However, this requires both timely notification and correct information,” Weiss wrote.