From CNET (Elinor Mills):
“After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois,” DHS spokesman Chris Ortman said in the statement provided to CNET. “There is no evidence to support claims made in initial reports–which were based on raw, unconfirmed data and subsequently leaked to the media–that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant. In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported. Analysis of the incident is ongoing and additional relevant information will be released as it becomes available.”
Control systems expert Joe Weiss unearthed what appeared to be the first report of an attack on a U.S. water utility last week. According to a report titled “Public Water District Cyber Intrusion” and released in the Illinois Statewide Terrorism and Intelligence Center Daily Intelligence Notes of November 10, a pump at a water utility in Illinois burned out when a SCADA (supervisory control and data acquisition) system was repeatedly switched on and off. The report said an intruder was apparently able to get access to the SCADA system after stealing customer usernames and passwords from a SCADA vendor.
The Pueblo Board of Water Works has the correct security strategy in place according to this report from John Norton writing for The Pueblo Chieftain.