Report: Cybercriminals have penetrated U.S. electrical grid
Hackers look to map power grid and install malware for possible attacks, Journal says
IDG News Service - Cyperspies from China, Russia and elsewhere have gained access to the U.S. electrical grid and installed malware tools that could be used to shut down service, according to a story published today by The Wall Street Journal.
Thus far, the attackers haven't used their access to damage the electrical grid, but the cyberespionage appears to be "pervasive," the Journal reported, citing anonymous national security officials. Federal officials are worried that the cyberspies could use their access to try to shut down the grid or take control of power plants during a time of crisis or war, the story said.
Many of the intrusions, which for now appear to be aimed mostly at mapping the domestic power grid, were discovered not by electric utilities but by U.S. intelligence agencies, the story added.
The cyberspies have left behind software tools that could be used to destroy components of the grid, one intelligence official told the Journal. "If we go to war with them, they will try to turn them on," that official was quoted as saying.
U.S. lawmakers and some security analysts have raised concerns for several years about the security of the power grid and other industrial control systems.
In 2007, for example, a simulated attack done by the Idaho National Laboratory for the U.S. Department of Homeland Security showed that a known software vulnerability in a Supervisory Control and Data Acquisition, or SCADA, system could be used to destroy power grid equipment.
There also have been previous disclosures of actual hacking incidents involving electrical grids, both in the U.S. and abroad. Early last year, the CIA said that cybercriminals had been able to launch online attacks that disrupted power equipment in several regions outside of the U.S.
And at a congressional hearing in March, Joseph Weiss, managing partner of Applied Control Solutions, claimed that networks controlling industrial control systems in the U.S. have been breached more than 125 times in the past decade, with one incident resulting in deaths.
A coordinated attack on critical infrastructure systems "could be devastating to the U.S. economy and security," Weiss said at the hearing. "We're talking months to recover. We're not talking days."
Other security experts have raised concerns that the electrical grid could become more vulnerable as it is transitioned into a two-way smart grid, potentially using the Internet for transmission. The federal government included $4.5 billion for smart-grid deployment as part of the economic stimulus package approved earlier this year.
IOActive Inc., a Seattle-based security consultancy, has spent the past year testing smart-grid devices for security vulnerabilities. The company said last month that it had discovered a number of flaws that could enable hackers to access networks and cut power.
Brian Ahern, president and CEO of Industrial Defender Inc., a vendor of security tools for control systems, also voiced concerns about the power grid in an interview before the Journal story was published.
"One of the challenges that we have today in this country is that you've got all this critical infrastructure that has been deployed over the last 20 years, and no one was even thinking about security," Ahern said. "When you think about our existing infrastructure today — power plants, transmission distribution systems — they all have their own security problems. That's what we're all working diligently on right now: making sure that our existing infrastructure is secure."
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control.
Enhance Your Virtualization Infrastructure With IBM and Vmware
Date: Wednesday, May 14, 2014, 1:00 PM EDT
Virtualization technology is now expanding beyond the server compute elements to encompass networking and storage...
All Cybercrime and Hacking White Papers |