Cyberspies from China, Russia and elsewhere have gained access to the U.S. electrical grid and installed malware tools that could be used to shut down service, according to a story published today by The Wall Street Journal.
Thus far, the attackers haven’t used their access to damage the electrical grid, but the cyberespionage appears to be “pervasive,” the Journal reported, citing anonymous national security officials. Federal officials are worried that the cyberspies could use their access to try to shut down the grid or take control of power plants during a time of crisis or war, the story said.
Many of the intrusions, which for now appear to be aimed mostly at mapping the domestic power grid, were discovered not by electric utilities but by U.S. intelligence agencies, the story added.
The cyberspies have left behind software tools that could be used to destroy components of the grid, one intelligence official told the Journal. “If we go to war with them, they will try to turn them on,” that official was quoted as saying.
U.S. lawmakers and some security analysts have raised concerns for several years about the security of the power grid and other industrial control systems.
In 2007, for example, a simulated attack conducted by the Idaho National Laboratory for the U.S. Department of Homeland Security showed that a known software vulnerability in a Supervisory Control and Data Acquisition (SCADA) system could be used to destroy power grid equipment.
There also have been previous disclosures of actual hacking incidents involving electrical grids, both in the U.S. and abroad. Early last year, the CIA said that cybercriminals had been able to launch online attacks that disrupted power equipment in several regions outside of the U.S.
And at a congressional hearing in March, Joseph Weiss, managing partner of Applied Control Solutions, claimed that networks controlling industrial control systems in the U.S. have been breached more than 125 times in the past decade, with one incident resulting in deaths.
A coordinated attack on critical infrastructure systems “could be devastating to the U.S. economy and security,” Weiss said at the hearing. “We’re talking months to recover. We’re not talking days.”
Other security experts have raised concerns that the electrical grid could become more vulnerable as it is transitioned into a two-way smart grid, potentially using the Internet for transmission. The federal government included $4.5 billion for smart-grid deployment as part of the economic stimulus package approved earlier this year.
IOActive Inc., a Seattle-based security consultancy, has spent the past year testing smart-grid devices for security vulnerabilities. The company said last month that it had discovered a number of flaws that could enable hackers to access networks and cut power.
Brian Ahern, president and CEO of Industrial Defender Inc., a vendor of security tools for control systems, also voiced concerns about the power grid in an interview before the Journal story was published.
“One of the challenges that we have today in this country is that you’ve got all this critical infrastructure that has been deployed over the last 20 years, and no one was even thinking about security,” Ahern said. “When you think about our existing infrastructure today – power plants, transmission distribution systems – they all have their own security problems. That’s what we’re all working diligently on right now: making sure that our existing infrastructure is secure.”