A Wall Street Journal report that foreign hackers have repeatedly penetrated the U.S. power grid computer network has delivered a loud wake-up call.
Cyber-spies from countries including China and Russia have breached the electrical infrastructure’s computer network and left software tools behind that would have allowed them to control or destroy infrastructure components, according to the report. The breaches also involved water, sewage and other infrastructure systems.
“Hacking our critical infrastructure really isn’t a big play for cyber-criminals. They are not going to get enough bang for the buck, so to say. It shouldn’t have happened. We are going about hardening our critical infrastructure. I see a lot of really good efforts taking place to harden it,” Paul Henry, forensic and security analyst for Lumension, told TechNewsWorld.
Cause for Alarm?
Companies involved with protecting the grid often conduct penetration tests and audit activity logs for signs of trouble within the infrastructure. However, the infrastructure’s apparent compromise was not discovered through these routine internal methods.
Many of these intrusions were detected by U.S. intelligence agencies rather than by the companies in charge of the infrastructure, according to the report. That is causing intelligence officials to worry about cyber-attackers taking control of electrical facilities, nuclear power plants or financial networks via the Internet.
Federal authorities said they do not know the specific goals of the intrusions other than perhaps hackers attempting to learn how to navigate through the infrastructure. No damage to the infrastructure has been reported. The real potential for harm could come in connection with a future crisis or war. The spying appeared to occur at various points throughout the grid rather than a specifically targeted utility company or region of the country.
“The scary thing is that we don’t know why they are doing this. There has been probing and attempts since the Internet was put together. People talk about these potential cyber-attacks as being part of some physical event,” Doug Jacobson, chief technology officer and founder of Palisade Systems, told TechNewsWorld.
While the intrusions should have been blocked or at least discovered by the grid’s own security measures, some good will come out of the discovery, according to Jacques Erasmus, director of research for Prevx. Now officials have to ensure that security gets beefed up.
“It’s definitely a big deal whenever a piece of critical infrastructure gets compromised and puts access in the hands of wrong people,” Jacobson said.
Cyber-spies gaining access to the infrastructure is not necessarily a doom and gloom scenario. By itself, that may pose little threat.
“This is not the cause for panic. The power grid is designed as a separate central network for the infrastructure. Over the last five to seven years, developers have been migrating it to the Windows platform. This makes the grid more vulnerable. If this causes a quick review of our internal systems, that will be very positive. The sky is not falling. It’s just supported by rickety struts,” Richard Stiennon, founder and principal analyst for IT Harvest, told TechNewsWorld.
The real problem may lie with the leverage foreign hackers could gain in concert with other, more traditional attacks. Hackers are not going to create enough terror by just taking out the power for a few hours, noted Henry.
“But it is incredibly useful as an amplification of an attack. If you can get the ability to get into the grid and have the ability to shut down power to specific segments, it is a large terrorist advantage. If you launch a traditional terrorist attack in that region and can shut down the electricity at the same time, you can interfere with emergency responders,” Henry explained.
More to Come?
Henry is sure that federal authorities will discover more details as they continue to investigate the breaches. However, concern remains that what is not yet known can still harm the country.
“The question is, how long has this been happening? It shows that the existing methods aren’t sufficient to prevent it,” Erasmus said.
Still, Henry, who has been involved in numerous penetration tests of the grid and participated in its security analysis, is not overly concerned.
“I don’t want to suggest that the enemy is going to take down our electrical structure. That just is not the case. But I’m sure much more is going to be uncovered. I’m sure we are just looking at the tip of the iceberg at this point,” he warned.
Call for Action
As more details are learned about the breaches, security agencies will apply solutions, Jacobson suggested.
“This is useful that it happened. It raises the awareness of the players involved. What has to happen now is that the government will focus on putting more money into security and not just computers,” he said.
There is little doubt that the discovery of intruders in the power grid will draw a swift response, predicted Henry.
“I think that the current efforts in the U.S. to take a serious look at our critical infrastructure is going to unmask a lot of this. We have an unprecedented opportunity to root out any access they may have gained before any damage happens,” he concluded.