YARMOUTH, Maine—A cyber attack that apparently originated in Russia and targeted a water utility in Illinois may be the purview of IT security specialists, but it should be of concern to all security professionals with responsibilities over vital infrastructure, say utility security experts who spoke with Security Director News.
The cyber attack, which targeted the Curran-Gardner Township Public Water District, apparently took place on Nov. 8 and was traced to an IP address in Russia. By taking remote control of the Supervisory Control and Data Acquisition (SCADA) systems, the attackers were able to burn out a water pump. However, the event wasn't widely reported until Nov. 17, when Joe Weiss, a well-known expert on cyber security of utilities, wrote about the attack, citing a report from the Illinois Statewide Terrorism and Intelligence Center.
Though the cyber attack's only result was a burned-out pump at a small Illinois water utility, Allan Wick, security manager for the Tri-State Generation and Transmission Association and chairman of the ASIS Utilities Security Council, told Security Director News it's a very significant event. "This is the first documented instance in the United States of a SCADA system of a critical infrastructure being compromised," he said.
People have been talking about the potential for such an attack for years, Wick said, but not everyone in the utilities sector took the threat seriously. The event should be an "eye-opener" for security professionals with responsibility over vital infrastructure, Wick said. "Take the threat seriously," he said. "It's not someone crying wolf."