FBI Issues Water Supply Cyberterror Warning

Al-Qaida terrorists have scoured the Web for information on the computerized systems that control water distribution and treatment, NIPC warns.
By Kevin Poulsen
Jan 30 2002 2:14PM PT

Members of Osama bin Laden's al-Qaida terrorist network have sought information on the Web about the networks that U.S. utility companies use to remotely control water supply distribution and treatment systems, according to a bulletin issued by the FBI's National Infrastructure Protection Center (NIPC) Wednesday.

"U.S. law enforcement and intelligence agencies have received indications that Al-Qaida members have sought information on Supervisory Control And Data Acquisition (SCADA) systems available on multiple SCADA-related Web sites," reads the bulletin. "They specifically sought information on water supply and wastewater management practices in the U.S. and abroad."

SCADA systems allow utility companies and municipalities to monitor and direct equipment at unmanned facilities from a central location. Dedicated communications channels link a control center to hundreds of "remote terminal units," which in turn control water pumps and other equipment.

The NIPC bulletin went to some 3,000 members of the center's InfraGard program, an information-sharing partnership between the NIPC and private industry.

An FBI spokesman emphasized that the bulletin is not a full blown alert. "It just says be on the lookout," says FBI supervisory special agent Steven Berry. "There's some information that suggests that they [al-Qaida] are looking at this... There are potential interests in water supplies, and other infrastructures."

Automated water supply control systems have long been a subject of concern from U.S. infrastructure protection specialists, who fear that they could be hacked by foreign governments or terrorists. A 1997 report by the Clinton administration's Presidential Commission on Critical Infrastructure Protection noted, "Cyber vulnerabilities include the increasing reliance on SCADA systems for control of the flow and pressure of water supplies."

If terrorists are able to penetrate such a system, the danger could extend beyond merely interrupting water flow.

"If they had the time to infiltrate and get the knowledge, certainly they could create havoc," says Brian Brewer, a senior engineer at ECS Engineering, a Pacific Northwest company that specializes in building SCADA systems for water utilities. "Other than turning pumps off, typically there are chemicals that are injected, like chlorine or fluoride. If you overdose any of that into a water system, it can affect it, and you can hurt people."

But Brewer says such an attack is far-fetched, and would require much more specialized knowledge than could be obtained from surfing the Web. "It would be a lot harder than learning to fly a plane," says Brewer. Moreover, while some utilities have moved their SCADA monitoring to the Internet, the far more critical control channels remain on dedicated leased lines and radio links that are not as easily accessed remotely.

"Breaking into where a water source exists, and physically dropping whatever the contaminate would be, is the real concern," Brewer says.

In addition to the cyber terror warning, the NIPC bulletin noted al-Qaida interest in "insecticides and pest control products at several Web sites."

Also according to the bulletin, a computer belonging to a bin Laden associate was found to contain structural architecture computer programs, including AutoCAD, CATIGE, Microstran and BEAM, "that suggested the individual was interested in structural engineering as it related to dams and other water-retaining structures."

The same unnamed individual had a program used to identify soil types using the Unified Soil Classification System, according to the bulletin.

Earlier this month the NIPC issued a public advisory urging organizations to review what critical infrastructure-related information is available on their public Web sites, after the center "received reporting that infrastructure related information, available on the Internet, is being accessed from sites around the world."