Water-pump failure in Illinois wasn’t cyberattack after all

Correction: An earlier version of this article incorrectly described a source’s summary of a federal investigation of the incident. The finding was that a contractor who logged on to the plant’s computer system while traveling in Russia created the erroneous impression of a cyberattack, not that the log-in caused the malfunction itself. This version has been corrected.

A water-pump failure in Illinois was initially mistaken for the first foreign cyberattack on a public utility in the United States because a plant contractor traveling in Russia remotely logged in to the plant’s computer system, according to a person familiar with a federal investigation of the incident.

Investigators analyzed log files and connections to foreign Internet protocol addresses within the utility’s computer system, said the source, who was not authorized to speak for attribution. “No indicators of malicious activity were found” in the computer system of the Curran-Gardner Townships Public Water District in Springfield, the source said.

The contractor, who had remote access to the computer system, was in Russia on personal business, the source added.

The suspicion of foreign hacking was raised in a preliminary report by the Illinois Statewide Terrorism and Intelligence Center that was obtained by a control systems industry expert. The expert, Joe Weiss, alerted the news media to the suspected intrusion.

But officials at the Department of Homeland Security, which oversees industrial control system cybersecurity, cautioned from the outset that the report contained “no credible, corroborated data.”

The water pump in question had been experiencing problems, turning on and off and eventually failing, water district board members said. The pump has malfunctioned several times in recent years, a DHS official said.

DHS was alerted to the Illinois report on Nov. 16. At the water district’s request, it sent a team of industrial control system experts to the water plant on Sunday to investigate, according to a DHS bulletin. FBI officials also took part in the inquiry, which included interviewing personnel and collecting logs for analysis. The agencies concluded that there was no malicious or unauthorized traffic from Russia, contrary to what the preliminary Illinois report had stated.

Plant and federal officials are still investigating the cause of the pump’s failure.

Ellen Nakashima is a national security reporter for The Washington Post. She focuses on issues relating to intelligence, technology and civil liberties.


