DHS denies rail attack despite detailed TSA memo

January 25, 2012   A TSA memo praising the agency's outreach to members of the transportation sector during a cyber-attack on December 1 and a "second event" the next day was distributed to rail industry members in December and was later obtained by NextGov.

The U.S. Department of Homeland Security said on Monday that, after further review, the episode may not have been a targeted attack. The railroad industry also commented, calling the TSA memo "inaccurate."

The detailed memo, which recapped the TSA's outreach efforts during the emergency and was distributed to members of the rail industry, described the first manipulation of a stretch of a Northwest Railway computer as follows:
Train service on the unnamed railroad "was slowed for a short while" and rail schedules were delayed about 15 minutes after the interference, according to the government memo.
Holly Arthur, a spokeswoman for the Association of American Railroads, said, "There was no targeted computer-based attack on a railroad." However, members of the rail industry said they are not at liberty to discuss the contents of the TSA memo.
"Railroads closely monitor cyber security as a fully integrated part of both the industry's overall security plan, as well as individual company plans. Continuous coordination on cyber security occurs across the industry and with the federal government," she said.
On January 23, Homeland Security officials reportedly informed Nextgov that further investigation into the incident showed it may not have been a targeted attack, but had no explanation for what may have caused the anomalous activity.
 "On December 1, a Pacific Northwest transportation entity reported that a potential cyber incident could affect train service," DHS spokesman Peter Boogaard said. "The Department of Homeland Security, the FBI and our federal partners remained in communication with representatives from the transportation entity in support of their mitigation activities and with state and local government officials to send alerts to notify the transportation community of the anomalous activity as it was occurring."
If the story sounds familiar, it is because a very similar incident last November received a great deal of media attention. A cyber security expert obtained the “Public Water District Cyber Intrusion” report, released by the Illinois Statewide Terrorism and Intelligence Center on November 10, and published the details on his blog about an alleged cyber attack culminating in the "burn out of a water pump" at the Curran-Gardner Townships Public Water District, near Springfield, Illinois.
 
When the Department of Homeland Security downplayed the cyber-attack at the Illinois water plant, an angry hacker with the alias "pr0f" posted proof of a separate intrusion on a South Houston water supplier. The hacker posted images on Pastebin that appear to show the desktop interface of the water utility's SCADA system.
 
SCADA systems are highly specialized computer systems that control much of the U.S. critical infrastructure, from water treatment facilities, chemical plants and nuclear reactors to gas pipelines, dams and switches on train lines.
 
Both the railway memo and the STIC report underscore how vulnerable the nation's critical infrastructure is to an attack on supervisory control and data acquisition (SCADA) systems.
 
On November 29, 2011, FBI Cyber Division Agent Michael Welch told attendees at the Flemings Cyber-Security conference in London that SCADA systems in three U.S. cities were recently compromised, which could have caused a great deal of damage, but denied that any major damage occurred.
 
Dave Marcus, the Director of Security Research at McAfee, said after last November's water pump incident that hacking into a SCADA system is not any more difficult than hacking into any other computer:
“My gut tells me that there is greater targeting and wider compromise than we know about,” said Marcus.
Lani Kass, a retired senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, says the U.S. should take the possibility of a cyber attack seriously.
 
A growing consensus among cyber security experts is a fear that U.S. officials will be unable to identify a pattern or "connect the dots" leading up to a large scale cyber attack.
"The going in hypothesis is always that it's just an incident or coincidence. And if every incident is seen in isolation, it's hard -- if not impossible -- to discern a pattern or connect the dots," Kass recently told Reuters.
The 9/11 terrorist attacks should serve as a "lessons learned" of what can occur when authorities dismiss indicators of an impending disaster. Kass added:
"Failure to connect the dots led us to be surprised on 9/11."

Cynthia Hodges, Chicago Homeland Security Examiner

Cynthia Hodges holds an M.A. in Political Science from NEIU in Chicago, Illinois and a Post-Grad Professional Certificate in Disaster and Terrorism Management from University of North Carolina-Chapel Hill. In addition to a successful writing career, Cynthia is in the process of writing a book on...