Spies compromised US electric grid

[uscitizen]

AP source: Spies compromised US electric grid
Email this Story

Apr 8, 5:47 PM (ET)

By JORDAN ROBERTSON and EILEEN SULLIVAN


SAN JOSE, Calif. (AP) - Spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service, exposing potentially catastrophic vulnerabilities in key pieces of national infrastructure, The Associated Press has learned.

The intrusions were discovered after electric companies gave the government permission to audit their systems, a former U.S. government official told the AP. The ex-official was not authorized to discuss the matter and spoke on condition of anonymity.

The inspections of the electric grid were triggered by fears over a March 2007 video from the Idaho National Laboratory, which had staged a demonstration of what damage hackers could do if they seized control of a crucial part of the electric grid. The video showed a power turbine spinning out of control until it became a smoking hulk and shut down.

Although the resulting audits turned up evidence of spying, the former official told the AP that the extent of the problem is unknown, because the government does not have blanket authority to examine other electric systems.

"The vulnerability may be bigger than we think," the official said, adding that the level of sophistication necessary to pull off such intrusions is so high that it is "almost without a doubt" done by state sponsors.

The Wall Street Journal, which reported the intrusions earlier, said officials believe the spies have not yet sought to damage the nation's electric grid, but that they likely would try in a war or another crisis.

Chinese and Russian officials have denied involvement in hacks on U.S. systems.

The attacks highlight serious problems that utilities like power and water companies face as they add more technologies for remotely managing their facilities. Any system networked to the rest of the world - from financial systems to university records to retail operations - can leave openings for hackers.

Homeland Security spokeswoman Amy Kudwa said her department is "not aware of any disruptions to the power grid caused by deliberate cyber activity here in the United States." Even so, congressional investigators and intelligence officials have warned that electric utilities are vulnerable to cyber attacks, and utilities acknowledge that their computer networks are routinely under assault.

CIA analyst Tom Donahue told utility engineers at a conference last year that in other countries, hackers had broken into electric utilities and demanded payments before disrupting power - in one case turning off the lights in multiple cities.

The power grid is becoming a bigger target for hackers as more pieces of it are connected to each other or, in some cases, to the Internet.

Employees who work remotely can be a major point of weakness. If their computers can be compromised, hackers can begin working backward into a utility's central control system. One way that's done is by so-called "spear phishing," or trying to fool people into opening personalized e-mails that have malicious programs inside them. Malicious Web applications can be another route for hackers.

"The severity of what we're seeing is off the charts," said Tom Kellermann, vice president of security awareness for Core Security Technologies and a member of the Commission on Cyber Security that is advising President Barack Obama. "Most of the critical infrastructure in the U.S. has been penetrated to the root by state actors."

Joe Weiss, a security expert who has testified before Congress about such threats, said the industry has failed to address these vulnerabilities.

http://apnews.myway.com/article/20090408/D97EHMJO0.html

 

[TuTu Monroe]

This isn't good news, but we were warned this might happen.

AP source: Spies compromised US electric grid
Email this Story

Apr 8, 5:47 PM (ET)

By JORDAN ROBERTSON and EILEEN SULLIVAN


SAN JOSE, Calif. (AP) - Spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service, exposing potentially catastrophic vulnerabilities in key pieces of national infrastructure, The Associated Press has learned.

The intrusions were discovered after electric companies gave the government permission to audit their systems, a former U.S. government official told the AP. The ex-official was not authorized to discuss the matter and spoke on condition of anonymity.

The inspections of the electric grid were triggered by fears over a March 2007 video from the Idaho National Laboratory, which had staged a demonstration of what damage hackers could do if they seized control of a crucial part of the electric grid. The video showed a power turbine spinning out of control until it became a smoking hulk and shut down.

Although the resulting audits turned up evidence of spying, the former official told the AP that the extent of the problem is unknown, because the government does not have blanket authority to examine other electric systems.

"The vulnerability may be bigger than we think," the official said, adding that the level of sophistication necessary to pull off such intrusions is so high that it is "almost without a doubt" done by state sponsors.

The Wall Street Journal, which reported the intrusions earlier, said officials believe the spies have not yet sought to damage the nation's electric grid, but that they likely would try in a war or another crisis.

Chinese and Russian officials have denied involvement in hacks on U.S. systems.

The attacks highlight serious problems that utilities like power and water companies face as they add more technologies for remotely managing their facilities. Any system networked to the rest of the world - from financial systems to university records to retail operations - can leave openings for hackers.

Homeland Security spokeswoman Amy Kudwa said her department is "not aware of any disruptions to the power grid caused by deliberate cyber activity here in the United States." Even so, congressional investigators and intelligence officials have warned that electric utilities are vulnerable to cyber attacks, and utilities acknowledge that their computer networks are routinely under assault.

CIA analyst Tom Donahue told utility engineers at a conference last year that in other countries, hackers had broken into electric utilities and demanded payments before disrupting power - in one case turning off the lights in multiple cities.

The power grid is becoming a bigger target for hackers as more pieces of it are connected to each other or, in some cases, to the Internet.

Employees who work remotely can be a major point of weakness. If their computers can be compromised, hackers can begin working backward into a utility's central control system. One way that's done is by so-called "spear phishing," or trying to fool people into opening personalized e-mails that have malicious programs inside them. Malicious Web applications can be another route for hackers.

"The severity of what we're seeing is off the charts," said Tom Kellermann, vice president of security awareness for Core Security Technologies and a member of the Commission on Cyber Security that is advising President Barack Obama. "Most of the critical infrastructure in the U.S. has been penetrated to the root by state actors."

Joe Weiss, a security expert who has testified before Congress about such threats, said the industry has failed to address these vulnerabilities.

http://apnews.myway.com/article/20090408/D97EHMJO0.html