Reuters reports that the FBI and other agencies are in the process of investigating multiple threats to Midwest Water Supply Systems. Specifically, the FBI has named Wichita, Kansas as a target, but utility facilities have also been put on alert in other Midwestern cities.
(Reuters) The U.S. Federal Bureau of Investigation learned of the threats in the past two days and has contacted the water supply facilities and law enforcement offices for the municipalities, said Bridget Patton, a spokeswoman for the FBI office in Kansas City, Missouri.
Patton declined to discuss the nature of the threats or the number of cities affected. She said investigators had been sent out in response to the reports, but offered no details.
“We were made aware of the threat,” Patton said. “We have not been able to substantiate any of the threats.”
Wichita city officials warned employees in emails to be on guard for suspicious activities. City officials also told residents the water is safe to drink and the public will be notified immediately if this changes.
Wichita Police Lieutenant Doug Nolte said Friday that the city had taken steps to keep the city’s water supply safe, but would not describe what measures had been taken.
(KSN News) “The FBI as of our law enforcement agencies take any threats to the public personal safety very seriously,” said Bridget Patton, Media Representative for the FBI.
For the last several days, the FBI has been looking into a regional water threat.
KSN News learned the potential hazard affects four major water systems in the mid-west including Wichita.
The Wichita water utility plants serve about 500,000 people, but many millions may be affected should systems in multiple Midwest cities fail or come under attack simultaneously.
In 2011 cyber security McAfee issued a warning titled In the Dark: Crucial Industries Confront Cyberattacks, in which they noted that all critical infrastructure systems connected to the internet could be compromised by rogue attacks resulting in shutdowns or malfunctions.
The sectors on which this report focuses — power, oil, gas, and water — may well be the first targets for a serious cyberattack.
What we found is that they are not ready. The professionals charged with protecting these systems report that the threat has accelerated — but the response has not. Cyberexploits and attacks are already widespread. Whether it is cybercriminals engaged in theft or extortion, or foreign governments preparing sophisticated exploits like Stuxnet, cyberattackers have targeted critical infrastructure.
In the case of water utilities, if hackers were to take control of the computers that maintain safe water levels and chemical treatment they could potentially poison the water supplies of millions. In such a case people could go to sleep like any normal night, wake up in the morning and have a glass of water, and be poisoned by any number of chemical or biological agents that have been released into the water supplies.
Hackers have already broken into water utility computer systems recently, despite assurances that the systems are safe. In November of 2011 a Stuxnet-style virus infected the physical components of the Springfield, Illinois water utility plant and shut down water pumps, demonstrating that not only can systems be infiltrated from outside of protected networks, but that the physical equipment can be overtaken.
But it’s not just the computer systems. There is a woeful disregard for perimeter security in and around critial infrastructure assets around the United States, including water plants.
Security around national water reservoirs may not be as safe as we thought:
In a time where people talk all the time about droughts, 21 year old Josh Seater has cost the city of Portland Oregon 8 million gallons of drinking water.
After a night on the town, a heavily intoxicated Seater began urinating a water reservoir. “I didn’t know it was a water supply, otherwise I wouldn’t have done it, I thought it was a sewage plant”.
The cost of Josh’s drunken behavior has cost the Portland Water Bureau $36,000, as the 8 million gallons have had to be completely drained away.
While TSA gaterapes grannies in diapers at our local airports and steams ahead on expanding enhanced pat-downs and searches to all public venues including train stations, sporting events and malls, the real security holes are completely ignored.
With so many billions of dollars being spent on homeland security, Americans have been left with a false sense of security. The government tells us they are protecting us, and most people simply take this at face value.
In reality, even if the government was efficiently deploying its resources for effectively securing critical infrastructure, the fact is that nothing can ever be 100% secure. This is evidenced by recent comments from outgoing Homeland Security Secretary Janet Napolitano, who warned that a widespread cyber attack on our national power grid and other infrastructure is not only guaranteed, but imminent.
In previous comments, Napolitano, along with the Federal Emergency Management Agency, has advised Americans to stockpile at least two (2) weeks of essential supplies, including food and fresh drinking water, citing concerns that emergency responders could be overwhelmed in the event of a widespread emergency.
Failure to prepare for short and long-term disaster could be deadly. Most Americans have about three days worth of food supplies and almost no reserve water supplies ormethods for filtering water should the water supply be compromised.
As we saw with Hurricane Sandy, any disruptions to the normal flow of supplies or commerce would lead to a breakdown within 72 hours as those affected struggle to acquire limited resources.