- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Have cyberspies from China and Russia penetrated the U.S. electrical grid with the intent of being able to disrupt it in a time of conflict? That’s what a Wall Street Journal article today asserts, based on unnamed sources.
According to the article: "The espionage appears pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. 'There are intrusions, and they are growing,’ the former official said, referring to the electrical systems. 'There were a lot last year.'"
The article quotes a senior intelligence official saying, "The Chinese have attempted to map out infrastructure, such as the electrical grid." The claim is also made that software left behind in electrical-grid controlling equipment could be used to destroy infrastructure components.
The story has been noticed in the online discussion group SCADA SECURITY where engineers and other technical experts interested in Supervisory Control and Data Acquisition Systems participate in sharing insights and opinions. "It could be FUD [fear, uncertainty and doubt] or it might have real substance," commented one SCADA SEC subscriber.
The North American Electric Reliability Corporation (NERC) issued this statement: "Though we are not aware of any reports of cyber attacks that have directly impacted reliability of the power system in North America to date, it is an issue the industry is working to stay ahead of. ... There is definitely more to be done, and we look forward to continuing our work with the electric industry and our partners in U.S. and Canadian government to improve reliability standards, ensure appropriate emergency authority is in place to address imminent and specific cyber security threats, and ultimately ensure a safe, secure, and reliable energy future for North America."
U.S. lawmakers and some security experts have raised concerns for several years about the security of the power grid and other control systems. In a congressional hearing in March, Joseph Weiss, managing partner of control systems security consultancy Applied Control Solutions, said networks controlling U.S. industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths.
It could take the United States weeks to replace damaged equipment after coordinated attacks on infrastructure using control systems, Weiss said then. A coordinated attack "could be devastating to the U.S. economy and security," he said. "We're talking months to recover. We're not talking days."
Other security experts have raised concerns that the electrical grid could become more vulnerable as it moves to a two-way smart grid, potentially using the Internet for transmission. Congress provided $4.5 billion for smart-grid deployment in an economic stimulus package passed earlier this year.
IOActive, a Seattle security consultancy, has spent the past year testing smart-grid devices for security vulnerabilities and discovered a number of flaws that could allow hackers to access the network and cut power, the company said in March.