It looks like Chicken Little may have gotten it right after all. This time, the proverbial sky may actually be falling. According to multiple reports last week, a Russian-based hacker launched a cyber attack on a drinking water utility in Illinois that destroyed one of its water pumps.
Not only does this mark the first successful international cyber attack on U.S. critical infrastructure, but it’s going to serve as a rallying cry for adversaries and idiots everywhere to try taking down drinking water and wastewater systems.
Simply put, this attack is a game changer.
Trying to downplay the significance of the attack, Department of Homeland Security spokesman Peter Boogaard said:
“DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield, Ill. At this time there is no credible, corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety.”
In response to Boogaard’s quote, a hacker named “prof” infiltrated the network of a drinking water utility in Texas – the very next day! While in the network, prof took screenshots of the SCADA system, which he posted publicly and then issued the following statement:
“I wouldn’t even call this a hack. … This required almost no skill and could be reproduced by a 2-year-old with a basic knowledge of Simatic.”
Congress may hold hearings and the sector is understandably spun up about potential future attacks. The implications for what this means stretch well beyond the water sector and span across all Critical Infrastructure and Key Structures.
The soft underbelly of America’s water utilities has been exposed, exploited and highlighted. At the same time, EPA has slashed funding for water security programs like WaterISAC (the water sector’s officially designated operational and communication arm), and DHS isn’t putting any skin in the game. Talk about bad timing.
Boy am I really starting to hate that Chicken Little…