ICS-CERT and the FBI have released the following joint statements regarding the recent attacks against water systems in Illinois and Texas:
In response to two recent incidents impacting water utilities in Illinois and Houston, the ICS-CERT and FBI have prepared the following joint statements.
- The DHS Illinois State Fusion Center released two FOUO reports about a cyber hack into a water utility that resulted in a pump failure. The reports were intended to be initial raw reporting and not conclusive in nature. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received a copy of the reports on Nov 16th and inquired to the DHS field office to obtain additional information.
- Initial ICS-CERT analysis of a log file provided by the state fusion center could not validate the claims made in the report; however, analysis is ongoing. The vendor is a small regional systems integrator that builds custom solutions with a focus on local, rural water utilities.
- ICS-CERT is actively working with the utility and the FBI to gather additional forensic data to determine what caused the pump to fail. ICS-CERT is also working with the Water ISAC and Multi-State ISAC to coordinate information as it becomes available.
- Additionally, a hacker recently claimed to have accessed an industrial control system responsible for water supply at a different US utility. The hacker posted a series of images allegedly obtained from the system.
- ICS-CERT and the FBI are investigating both incidents. MS-ISAC will also continue to coordinate with ICS-CERT in order to provide updated information to our members as it becomes available. At this time, there are no specific recommendations other than to ensure you are following security best practices. ICS-CERT recommends reviewing Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies for more information.
ICS-CERT has not received any additional reports of impacted manufacturers of ICS or other ICS related stakeholders related to these events. If DHS ICS-CERT identifies any information about possible impacts to additional entities, it will disseminate timely mitigation information as it becomes available. Please contact ICS-CERT if you suspect or detect any malicious activity against/involving your control systems.
These events underscore the widespread vulnerabilities inherent in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, which govern networks controlling critical infrastructure including power, water, and chemical production, among other vital operations.