Report: Cybercriminals have penetrated U.S. electrical grid
Hackers look to map power grid and install malware for possible attacks, Journal says
IDG News Service - Cyperspies from China, Russia and elsewhere have gained access to the U.S. electrical grid and installed malware tools that could be used to shut down service, according to a story published today by The Wall Street Journal.
Thus far, the attackers haven't used their access to damage the electrical grid, but the cyberespionage appears to be "pervasive," the Journal reported, citing anonymous national security officials. Federal officials are worried that the cyberspies could use their access to try to shut down the grid or take control of power plants during a time of crisis or war, the story said.
Many of the intrusions, which for now appear to be aimed mostly at mapping the domestic power grid, were discovered not by electric utilities but by U.S. intelligence agencies, the story added.
The cyberspies have left behind software tools that could be used to destroy components of the grid, one intelligence official told the Journal. "If we go to war with them, they will try to turn them on," that official was quoted as saying.
U.S. lawmakers and some security analysts have raised concerns for several years about the security of the power grid and other industrial control systems.
In 2007, for example, a simulated attack done by the Idaho National Laboratory for the U.S. Department of Homeland Security showed that a known software vulnerability in a Supervisory Control and Data Acquisition, or SCADA, system could be used to destroy power grid equipment.
There also have been previous disclosures of actual hacking incidents involving electrical grids, both in the U.S. and abroad. Early last year, the CIA said that cybercriminals had been able to launch online attacks that disrupted power equipment in several regions outside of the U.S.
And at a congressional hearing in March, Joseph Weiss, managing partner of Applied Control Solutions, claimed that networks controlling industrial control systems in the U.S. have been breached more than 125 times in the past decade, with one incident resulting in deaths.
A coordinated attack on critical infrastructure systems "could be devastating to the U.S. economy and security," Weiss said at the hearing. "We're talking months to recover. We're not talking days."
Other security experts have raised concerns that the electrical grid could become more vulnerable as it is transitioned into a two-way smart grid, potentially using the Internet for transmission. The federal government included $4.5 billion for smart-grid deployment as part of the economic stimulus package approved earlier this year.
IOActive Inc., a Seattle-based security consultancy, has spent the past year testing smart-grid devices for security vulnerabilities. The company said last month that it had discovered a number of flaws that could enable hackers to access networks and cut power.
Brian Ahern, president and CEO of Industrial Defender Inc., a vendor of security tools for control systems, also voiced concerns about the power grid in an interview before the Journal story was published.
"One of the challenges that we have today in this country is that you've got all this critical infrastructure that has been deployed over the last 20 years, and no one was even thinking about security," Ahern said. "When you think about our existing infrastructure today — power plants, transmission distribution systems — they all have their own security problems. That's what we're all working diligently on right now: making sure that our existing infrastructure is secure."
- University of North Florida breach exposes data on 107,000 individuals
- Zeus Trojan bust reveals sophisticated 'money mules' operation in U.S.
- GAO slams White House for failing to lead on cybersecurity
- Man charged with attack on Web site of Fox News' Bill O'Reilly
- Heartland breach expenses pegged at $140M -- so far
- IT contractor gets five years for $2M credit union theft
- Democracy would suffer if Google left China, says MIT panel
- Gonzalez accomplice gets five years for hacking TJX
- Threat of cyberattacks from overseas high, federal IT execs say
- Botnets 'the Swiss Army knife of attack tools'
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts