Security experts have long worried that a knowledgeable hacker could damage the critical infrastructure that supplies power, water, and other utilities to U.S. citizens. The few incidents of cyber attacks on utilities, where details became public, have underscored the danger while at the same time signaling that such attacks may not be common.
Two events this week may change that perception.
On Thursday, a control-systems expert released details of an intrusion into a utility company's control network that lasted at least two months and resulted in damage to a water pump. In a statement, the U.S. Department of Homeland Security inadvertently identified the location of the utility company as Springfield, Ill.
"This isn't hypothetical any more, where people write about what could and what may happen," said Joseph Weiss, a managing partner at Applied Control Solutions and the person who released details from the report. "This keeps going back to what somebody has done. We don't know what is going on and there is no guidance out there yet. The concern is how many others have been compromised."
However, City Water, Light & Power, the utility provider for the city, denied that it was the target of the attack. "Various reports have falsely identified City Water, Light and Power in Springfield, Ill., as having experienced a cyber security breach," the company said in a statement. "CWLP has not had any breach of its Water or Electric Department supervisory control and data acquisition (SCADA) systems." SCADA is the computer control network that operates various systems at the utility.
Whether or not CWLP is the breached utility firm, attacks on critical-infrastructure companies appear to be a trend. Today, a hacker posted images and details purportedly from the systems that control the water supply for the city of South Houston, Texas. A series of five images shows the various water levels at different pumping stations and appears to indicate the user has the ability to enable and disable equipment.