Wednesday, November 23, 2011

FBI downplays water supply 'hack'

US officials have cast doubt over reports that a water pump in Illinois was destroyed by foreign hackers.

The FBI and the Department of Homeland Security said they had "found no evidence of a cyber intrusion".

The Illinois Statewide Terrorism and Intelligence Center (STIC) previously claimed a hacker with a Russian IP address caused a pump to burn out.

A security expert, who flagged up the story, said he was concerned about the conflicting claims.

Information about the alleged 8 November breach was revealed on Joe Weiss's Control Global blog last week. His article was based on a formal disclosure announcement by the Illinois STIC.

The report said that the public water district's Supervisory Control and Data Acquisition System (Scada) had been hacked as early as September.

It claimed that a pump used to pipe water to thousands of homes was damaged after being repeatedly powered on and off.

It added that the IP address of the attackers had been traced back to Russia.

The news attracted attention because it could have been the first confirmed case of foreign hackers successfully damaging a US utilities.

'No evidence'

The FBI and the DHS said they had carried out "detailed analysis" and could not confirm the intrusion.

"There is no evidence to support claims made in the initial Fusion Center report - which was based on raw, unconfirmed data and subsequently leaked to the media - that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," an email sent to the US Industrial Control Systems Joint Working Group said.

"In addition, DHS and FBI have concluded that there was no malicious or unauthorised traffic from Russia or any foreign entities, as previously reported."

The officials added that their analysis of the incident was still ongoing.

Mr Weiss said he was concerned that the email appeared to contradict the initial report.

"This begs the question why two government agencies disagree over whether a cyber event that damaged equipment had occurred at a water utility," he wrote on his blog.

"If the STIC report is correct, then we have wasted precious time and allowed many others in the infrastructure to remain potentially vulnerable while we wait to find out if we should do anything."

Fewer managers

Mr Weiss also notes that a 2010 report by the security company McAfee highlighted the relative vulnerability of the global water system compared with other industries including energy and financial services.

"The water/sewage sector... had the lowest adoption rate for security measures protecting their Scada/ICS systems," it said.

The report noted that the low adoption rate might have been linked to the fact that the water and sewage sector, and said that only 55% of its Scada systems were connected to the internet - a lower percentage than most other industries.

However, it went on to highlight the lower number of managers taking responsibility for the issue.

"When considering this data, the small number of water sector executives amongst those with Scada/ICS systems responsibilities - only 11 out of 143 - needs to be noted," said the McAfee report.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement

Google to kill off more products

Google has announced that it is dropping seven more products in an effort to simplify its range of services.

The out-of-season "spring clean" brings an end to services including Google Wave, Knol and Google Gears.

It is the third time that the US firm has announced a cull of several of its products at the same time after they had failed to take off.

Experts said the strategy might put off users from signing up to new services.

Google announced the move in its official blog.

"We're in the process of shutting a number of products which haven't had the impact we'd hoped for, integrating others as features into our broader product efforts, and ending several which have shown us a different path forward," said Urs Holzle, Google's vice president of operations.

"Overall, our aim is to build a simpler, more intuitive, truly beautiful Google user experience," he added.

Wave goodbye

The seven latest products earmarked for the chop are as follows:

  • Google Wave - an attempt to combine email and instant messaging for real-time collaboration
  • Google Bookmarks List - a service which allowed users to share bookmarks with friends
  • Google Friends Connect - allowed webmasters to add social features to their sites by embedding a snippet of code
  • Google Gears - much-hyped effort to maintain web browser functionality when working offline
  • Google Search Timeline - a graph of historical query results
  • Knol - a Wikipedia-style project, which aimed to improve web content
  • Renewable Energy Cheaper than Coal - a project which aimed to find ways to improve solar power

Google had previously announced its plans to kill off some of the projects on the list.

It has now given details about when the switch-offs will occur. For example Wave will be retired in April, and Knol content will be taken offline in October.

Lessons

The diverse nature of the list illustrated how Google operated as a company, said Richard Edwards, principal analyst at research firm Ovum.

"Any company with the resources and number of brains that Google has will have ideas, only some of which will fly. Hitting the zeitgeist is tricky to plan or predict," he said.

The steady stream of innovations from the search giant and the open way it announced them had been a welcome change in a tech industry that had traditionally kept its cards close, said Mr Edwards.

But he warned that Google needed to be careful about how it announced new products in future.

"It can hype the bejesus out of new announcements and it can be difficult for people to pick out the substance from the hype," he said.

There were, he said, "lessons to be learned" from firms such as Apple which took a more measured approach, announcing just a handful of new products once or twice a year.

Focus

Some experts think that Google is streamlining in order to concentrate on its Facebook rival Google+.

The network gained 10 million users within the first 16 days after its private launch, and 40 million within the first 100 days, making it the fastest-growing social network in the history of the web.

But Mr Edwards was sceptical about how successful the service would be in the long-term.

"There is no likelihood of people flocking away from Facebook at the current time unless it commits some hideous faux pas on privacy," he said.

"Something may displace Facebook but I'm not sure it is likely to be Google+," he added.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement