Technology

FBI Issues Water Supply Cyberterror Warning


Members of Osama bin Laden's al-Qaida terrorist network have sought

information on the Web about the networks that U.S. utility companies use to

remotely control water supply distribution and treatment systems, according

to a bulletin issued by the FBI's National Infrastructure Protection Center

(NIPC) Wednesday.

"U.S. law enforcement and intelligence agencies have received indications

that Al-Qaida members have sought information on Supervisory Control And

Data Acquisition (SCADA) systems available on multiple SCADA-related Web

sites," reads the bulletin. "They specifically sought information on water

supply and wastewater management practices in the U.S. and abroad."

SCADA systems allow utility companies and municipalities to monitor and

direct equipment at unmanned facilities from a central location. Dedicated

communications channels link a control center to hundreds of "remote

terminal units," which in turn control water pumps and other equipment.

The NIPC bulletin went to some 3,000 members of the center's InfraGard

program, an information-sharing partnership between the NIPC and private

industry.

An FBI spokesman emphasized that the bulletin is not a full blown alert.

"It just says be on the lookout," says FBI supervisory special agent Steven

Berry. "There's some information that suggests that they [al-Qaida] are

looking at this... There are potential interests in water supplies, and

other infrastructures."

Automated water supply control systems have long been a subject of concern

from U.S. infrastructure protection specialists, who fear that they could

be hacked by foreign governments or terrorists. A 1997 report by the Clinton

administration's Presidential Commission on Critical Infrastructure

Protection noted, "Cyber vulnerabilities include the increasing reliance on

SCADA systems for control of the flow and pressure of water supplies."

If terrorists are able to penetrate such a system, the danger could extend

beyond merely interrupting water flow.

"If they had the time to infiltrate and get the knowledge, certainly they

could create havoc," says Brian Brewer, a senior engineer at ECS

Engineering, a Pacific Northwest company that specializes in building SCADA

systems for water utilities. "Other than turning pumps off, typically there

are chemicals that are injected, like chlorine or fluoride. If you overdose

any of that into a water system, it can affect it, and you can hurt people."

But Brewer says such an attack is far-fetched, and would require much more

specialized knowledge than could be obtained from surfing the Web. "It would

be a lot harder than learning to fly a plane," says Brewer. Moreover, while

some utilities have moved their SCADA monitoring to the Internet, the far

more critical control channels remain on dedicated leased lines and radio

links that are not as easily accessed remotely.

"Breaking into where a water source exists, and physically dropping whatever

the contaminate would be, is the real concern," Brewer says.

In addition to the cyber terror warning, the NIPC bulletin noted al-Qaida

interest in "insecticides and pest control products at several Web sites."

Also according to the bulletin, a computer belonging to a bin Laden

associate was found to contain structural architecture computer programs,

including AutoCAD, CATIGE, Microstran and BEAM, "that suggested the

individual was interested in structural engineering as it related to dams

and other water-retaining structures."

The same unnamed individual had a program used to identify soil types using

the Unified Soil Classification System, according to the bulletin.

Earlier this month the NIPC issued a public advisory urging organizations to

review what critical infrastructure-related information is available on

their public Web sites, after the center "received reporting that

infrastructure related information, available on the Internet, is being

accessed from sites around the world." By Kevin Poulsen


Hollywood Goes YouTube
LIMITED-TIME OFFER SUBSCRIBE NOW

(enter your email)
(enter up to 5 email addresses, separated by commas)

Max 250 characters

Sponsored Links

Buy a link now!

 
blog comments powered by Disqus