December 05, 2011, 12:23 PM — The "malicious attack" from Russian hackers that cracked security on an Illinois water utility and destroyed one of its main pumps turned out to be what Wired called a "comedy of errors" after interviewing the prime suspect for a story that ran last week.
That doesn't mean utilities in the U.S. – especially electrical utilities – are not desperately vulnerable to attack.
The U.S. electrical grid in particular is not only just as vulnerable as it was before the risk of cyberattack became obvious; the negative impact of a real hack also keeps rising, according to a two-year study published today by researchers at the MIT Energy Initiative in the Massachusetts Institute of Technology Sloan School of Management.
U.S. utilities are building more intelligence into their networks to make power distribution more efficient, but the mesh of regulations and regulators involved is such that their security efforts are incomplete, inadequate and uncoordinated, according to the 268-page study (PDF of full report, or by section), which also examined risks from weather, the impact of federal regulations, rising prices for fossil fuels and competition from sources of renewable energy.
Many security experts dismissed the risk of a Stuxnet-like attack on utilities after the revelation that reports of a successful attack on the Illinois water utility were mistaken, but the possibility of such an attack was not.
During the same week investigators were wondering if foreign intelligence services would bother cracking an Illinois water company to ruin a water pump, a hacker known as 'pr0f' posted evidence to Pastebin of having successfully cracked a South Houston water company. Its security was so appallingly bad that pr0f complained it hardly qualified as a hack to crack security on a SCADA system that relied on a password only three characters long.