Two weeks ago, the Internet was abuzz with news of a reported network intrusion into a utility's operation and control system that had allegedly caused months of glitches and the eventual failure of a water pump. Details of the alleged intrusion came from a leaked alert issued earlier in November by Illinois's fusion center, the Illinois Statewide Terrorism and Intelligence Center, which is supported by the U.S. Department of Homeland Security. The alert suggested that an intrusion from a Russian Internet address was to blame.
While many media reports touted the attack as potentially the first known intrusion to damage critical infrastructure, the DHS soon refuted details of the initial alert, following an investigation by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
"After detailed analysis of all available data, ICS-CERT and the FBI found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois," said a statement (PDF) issued last week.
Supervisory control and data acquisition (SCADA) systems are a common type of industrial control system used by utilities, manufacturers, and other infrastructure operators to monitor and control physical processes.
A seemingly unlikely explanation for the diverging accounts emerged late last week: a contractor had apparently accessed the system remotely, at the utility's request, while vacationing in Russia, which accounts for the Russian Internet address in the alert. The Washington Post first reported the connection between the contractor and the alert. On Wednesday, Wired interviewed the contractor, who supported the assertion that no attack occurred.
A number of questions remain -- such as why the Illinois fusion center and the DHS did not connect the dots before issuing the report -- yet a number of lessons are already apparent.