Correction: An earlier version of this article incorrectly described a source’s summary of a federal investigation of the incident. The finding was that a contractor who logged on to the plant’s computer system while traveling in Russia created the erroneous impression of a cyberattack, not that the log-in caused the malfunction itself. This version has been corrected.
A water-pump failure in Illinois was initially mistaken to be the first foreign cyberattack on a public utility in the United States because a plant contractor traveling in Russia remotely logged in to the plant’s computer system, according to a person familiar with a federal investigation of the incident.
Investigators analyzed log files and connections to foreign Internet protocol addresses within the utility’s computer system, said the source, who was not authorized to speak for attribution. “No indictors of malicious activity were found” in the computer system of the Curran-Gardner Townships Public Water District in Springfield, the source said.
The contractor, who had remote access to the computer system, was in Russia on personal business, the source added.
The suspicion of foreign hacking was raised in a preliminary report by the Illinois Statewide Terrorism and Intelligence Center that was obtained by a control systems industry expert. The expert, Joe Weiss, alerted the news media to the suspected intrusion.
But officials at the Department of Homeland Security, which oversees industrial control system cybersecurity, cautioned from the outset that the report contained “no credible, corroborated data.”
The water pump in question had been experiencing problems, turning on and off and eventually failing, water district board members said. The pump has malfunctioned several times in recent years, a DHS official said.
DHS was alerted to the Illinois report on Nov. 16. At the water district’s request, it sent a team of industrial control system experts to the water plant on Sunday to investigate, according to a DHS bulletin. FBI officials also took part in the inquiry, which included interviewing personnel and collecting logs for analysis. The agencies concluded that there was no malicious or unauthorized traffic from Russia, as stated in the preliminary Illinois report.
Plant and federal officials are still investigating the cause of the pump’s failure.