Hostile hackers threaten power grid

In Thursday's IT Blogwatch, Richi Jennings watches bloggers fear for the safety of the U.S. electrical grid in the face of hostile hackers. Not to mention Penelope Cruz necked...

Grant Gross gives the grubby goss on the grid:

Cyperspies from China, Russia and elsewhere have gained access to the U.S. electrical grid and installed malware tools that could be used to shut down service, according to a story published today by The Wall Street Journal.

Thus far, the attackers haven't used their access to damage the electrical grid, but the cyberespionage appears to be "pervasive" ... Federal officials are worried that the cyberspies could use their access to try to shut down the grid or take control of power plants during a time of crisis or war ... The intrusions ... appear to be aimed mostly at mapping the domestic power grid ... The cyberspies have left behind software tools that could be used to destroy components of the grid.

Austin Modine zaps us with some context:

Foreign cyber-spies have reportedly been infiltrating the US electrical grid and planting software that can be used to destroy key components ... US intelligence officials worry they'll try during a crisis or war.


The security trouble is linked to so-called supervisory control and data acquisition (SCADA), software used to control switches and valves at power generators, gas refineries, and manufacturing plants across the world. As more of the systems are being hooked to the internet and corporate intranets to save costs, the easier it is for cyber ne'er-do-wells to gain ill-intended access. Because security on the systems is not regulated in the US, protection of key infrastructure left in the hands of the industry.

Keith Johnson speaks of the smart grid opportunity:

The big question is whether the move to a smart grid would increase the country’s vulnerability to such attacks, or serve as the best form of defense.

The Center for American Progress, in its latest study on the electricity transmission system, said the smart grid was the solution—not the problem—because it would represent the chance to finally upgrade vulnerable old, jury-rigged technology currently cobbled together in the electric grid ... The California-based Electric Power Research Institute ... was picked today by the Commerce Department to draw up the “roadmap” of the new smart grid.

Sue Walsh sounds worried:

This is big folks ... What’s more is that our water, sewage, and other infrastructure systems [are] also at risk.


While there is no immediate danger, this is not something to be taken lightly.  Last year a cyberattack took out power equipment in multiple regions outside the U.S and was followed by extortion demands ... What’s really disturbing is that none of the three electric networks that make up the grid had any idea they’d been attacked. Security in this area needs to be beefed up and fast, and the Obama administration pledges to make that happen.

But Kevin Poulsen pours cold water on it:

Those impish Chinese government cyber-saboteurs we last saw posing as 20-foot high trees to trigger the 2003 northeast power outage have returned in an all new adventure ... Sadly, this new installment doesn't contain the kind of juicy details that made the previous one so easy to debunk. In fact, it contains almost no details at all.


The unspoken lesson here is obvious ... Only the intelligence agencies are equipped to protect us from foreign cyber attacks. It's an unusually opportune time for this revelation, since the NSA is at this very moment jockeying to take over cyber security from DHS, which lacks the wholesale warrantless-wiretapping capabilities needed to detect Chinese hackers. What a lucky coincidence of timing.

And Andy Greenberg agrees: [Say that five times fast]

Cybersecurity insiders weren't as intrigued by [the] news as they were by the question of which government officials had leaked it--and why ... Some suspect that the timing behind the security officials' new revelations may be intended as a tactic to coax private utility companies into participating in cybersecurity regulatory initiatives currently under review.


[It] emerges between two important cybersecurity landmarks. Last Wednesday, Sens. John Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, introduced a controversial bill with sweeping new cybersecurity regulations ... And next week marks the end of a 60-day review of the so-called Cyber Initiative, a classified multibillion-dollar initiative to shore up the nation's cyberdefense.

And finally...

Previously in IT Blogwatch:

Buffer overflow:

Like this stuff? Subscribe to the RSS feed.

Richi Jennings is an independent analyst/adviser/consultant, specializing in blogging, email, and spam. A 23 year, cross-functional IT veteran, he is also an analyst at Ferris Research. You can follow him on Twitter, pretend to be Richi's friend on Facebook, or just use boring old email:

Copyright © 2009 IDG Communications, Inc.

Shop Tech Products at Amazon