April 08, 2009, 10:48 AM — Cyperspies from China, Russia and elsewhere have gained access to the U.S. electrical grid and have installed malware tools designed to shut down service, according to a news report Wednesday.
So far, the attackers have not used their access to damage the electrical grid, but the cyberespionage appears "pervasive," said a Wall Street Journal article that quoted anonymous national security officials. U.S. officials worry that the spies could use their access to attempt to shut down the grid or take control of power plants during a time of crisis or war, the story said.
Many of the intrusions weren't discovered by electric utilities but by U.S. intelligence agencies, the story said.
The cyberspies have left behind "software tools" that could be used to destroy components of the grid, the Journal quoted one official as saying. "If we go to war with them, they will try to turn them on," one official told the Journal.
U.S. lawmakers and some security experts have raised concerns for several years about the security of the power grid and other control systems. In a congressional hearing in March, Joseph Weiss, managing partner of control systems security consultancy Applied Control Solutions, said networks controlling U.S. industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths.
It could take the U.S. weeks to replace damaged equipment after coordinated attacks on infrastructure using control systems, Weiss said then. A coordinated attack "could be devastating to the U.S. economy and security," he said. "We're talking months to recover. We're not talking days."
Other security experts have raised concerns that the electrical grid could become more vulnerable as it moves to a two-way smart grid, potentially using the Internet for transmission. Congress provided US$4.5 billion for smart-grid deployment in an economic stimulus package passed earlier this year.
IOActive, a Seattle security consultancy, has spent the past year testing smart-grid devices for security vulnerabilities and discovered a number of flaws that could allow hackers to access the network and cut power, the company said in March.
"We're taking about extending access down into the homes over a combination of wireless networks, home-area networks," added Brian Ahern, president and CEO of Industrial Defender, a control systems security vendor. "When you think about our existing infrastructure today -- power plants, transmission distribution systems -- they all have their own security problems. That's what we're all working diligently on right now -- making sure that our existing infrastructure is secure."
Ahern, speaking before the Journal report came out, expressed concerns about the electrical grid. "One of the challenges that we have today in this country is that you've got all this critical infrastructure that has been deployed over the last 20 years, and no one was even thinking about security," he said.