In an e-mail interview with Threatpost, the hacker who compromised software used to manage water infrastructure for South Houston, Texas, said the district used a three-letter password, making it easy to break in.
An electronic attack also destroyed a water pump belonging to a Springfield, Illinois water utility earlier this month, after hackers gained unauthorized access to that company’s industrial control system, according to published reports. Federal officials confirmed that the FBI and the Department of Homeland Security were investigating damage to the water plant but cautioned against concluding that it was necessarily a cyber-attack before all the facts could be learned.
Supervisory Control And Data Acquisition (SCADA) software monitors and controls various industrial processes, some of which are considered critical infrastructure.
Researchers have warned about attacks on critical infrastructure for some time, but warnings became reality after a highly complicated computer worm, Stuxnet, attacked and destroyed centrifuges at a uranium enrichment facility in Iran.
German cybersecurity expert Ralph Langner found Stuxnet, the most sophisticated worm he had ever seen. The cybersecurity expert warns that U.S. utility companies are not yet prepared to deal with the threat.
In a TED Talk recorded in February 2011, Langner stated that, “The leading force behind Stuxnet is the cyber superpower – there is only one; and that’s the United States.”
In a recent speech at the Brookings Institution, he also made the bigger point that having developed Stuxnet as a computer weapon, the United States has in effect introduced it into the world’s cyber-arsenal.