The United States National Security Agency has cautioned that the Anonymous hacker community might be able to cause a limited power outage through a cyberattack, according to a report in The Wall Street Journal.
NSA Director Gen. Keith Alexander has warned of the potential attack during meetings at the White House and in other private sessions, according to the report. However, he expects Anonymous to need one to two years to develop this capability.
“The one-to-two-year timeframe does not make sense to me,” Darren Hayes, CIS program chair at Pace University, told TechNewsWorld. “We have already witnessed hackers breaching utility company networks.”
Nevertheless, the fears are real, and more oversight of the security of utility company networks is needed, Hayes said.
Anonymous has blasted the report, using the Twitter handle AnonOps to call the idea that it would attack the energy grid “ridiculous”.
It “wouldn’t be appropriate for us to discuss any alleged comments or internal meetings,” NSA spokesperson Vanee Vines told TechNewsWorld.
Tomorrow Will Be Better
Alexander reportedly specified a one- to two-year timeframe for a possible Anonymous attack. However, the United States federal government will probably have improved the security of the country’s power systems by then.
In January, the Department of Energy (DoE) and the Department of Homeland Security (DHS) teamed up to create a cybersecurity model that can be tested and applied across the electric utility industry to see how to improve protection for the U.S. electricity grid.
This Electric Sector Cybersecurity Risk Management Maturity project will take input from both the electric utility industry and the public sector.
Meanwhile, a dogfight has erupted in Congress over how to best secure America’s critical infrastructure.
The Cybersecurity Act of 2012, which was tabled by a bipartisan group of senators, is wending its way through Congress, but Sen. John McCain has stated that he plans to introduce an alternative bill shortly.
Why Not Today?
Currently, however, several federal agencies are working on cybersecurity standards for the power grid, in some cases leading to a degree of disorganization.
The North American Electric Reliability Corporation (NERC) and the Federal Energy Regulatory Commission (FERC) both have authority over developing cybersecurity standards for the bulk power system and for ensuring compliance with these standards.
These were criticized by the Government Accountability Office (GAO) for not discussing a combination of physical and cyberattacks, and for lacking a final schedule for updates.
NERC has a set of Critical Infrastructure Protection (CIP) standards, but the Federal Communications Commission has pointed out that they potentially conflict with other standards.
An MIT study released in December had suggested that the U.S. needs an overarching national authority to oversee the cybersecurity of the national power grid and pointed out the weaknesses in the current approach.
There’s a lot of confusion over the question of who would have authority if a cyberattack was launched on the power grid, Patrick Miller, president and CEO of the National Electric Sector Cybersecurity Organization (NIESCO), told TechNewsWorld in a previous interview. NIESCO is a public-private partnership in the electric industry partly funded by the DoE. It’s pulling together efforts to enhance cybersecurity in the U.S. national electric infrastructure.
In response to the report, Anonymous accused the NSA of propagating fear among Americans. The message appeared under a different Anonymous-related Twitter handle, YourAnonNews.
Several people have also posted messages questioning Gen. Alexander’s purported statements.
“I’m confused,” security researcher Christopher Soghoian tweeted. “What will happen in the next year or two to give Anonymous the ability to hack the power grid?”