U.S. Power Grid Hack Highlights Security Weaknesses
The hack to the electrical grid, which was first reported in The Wall Street Journal Wednesday, was found after malware--malicious software--was discovered on workstations that appeared to come from Russia, China and "other countries," the report said. Officials said that the malware had the potential to destroy components of the system, according to the Journal.
While the hack didn't appear to target one particular company or region, officials indicated that the malware could be used to navigate and take control of the U.S. electrical system. Attackers would then have the power to disrupt the system or destroy power infrastructure altogether in times of war, the Journal reported.
Security experts say that the U.S. power grid hack did not appear to cause damage and maintain that the malware appeared to be mainly used for reconnaissance purposes. "This is more surveillance, getting the lay of the land, and not so much malicious," said Dennis Fisher, Kaspersky Lab security evangelist. "People are fooling themselves if they don't think that foreign governments have back doors to most of our systems."
The incident has raised concerns that U.S. electrical systems, as well as water, sewage and other infrastructure, are susceptible to a foreign attack remotely via the Web.
U.S. Homeland Security Secretary Janet Napolitano told Reuters the power grid was vulnerable to a cyberattack that could disable or shut down systems.
"The vulnerability is something that the Department of Homeland Security and the energy sector have known about for years," she said. "We acknowledge that ... in this world, in an increasingly cyberworld, these are increasing risks."
Security experts echo that security weaknesses in the U.S. power grid are nothing new.
"It's definitely not surprising. Every time they connect a critical system to the Internet, they're opening themselves up for something bad happening," said Steve Manzuik, senior manager of security research at Juniper Networks. "There have been memos and guidance going to those power companies. It's unfortunate to say, but people don't like to do anything until after something bad has happened."
Experts say that in recent years, power companies have increasingly connected infrastructure to the Internet, which allows them to operate and manage systems remotely, while simultaneously cutting costs and reducing staff.
However, the switch to the remote infrastructure operation has opened up copious security and access problems. For one, experts say, many older systems were never intended to be connected or controlled via the Web.
"They were designed to be closed systems. A lot of them are fairly old systems that haven't been updated," Fisher said. "The main issue is that there's a much bigger attack surface area when they're connected to the Internet."
As a result, the publicity surrounding the power grid hack has underscored the need for more federal transparency and disclosure about cybersecurity issues, Fisher said.
"Information sharing is a real problem between the government and the private sector," Fisher said. "The private sector will share information, but the information does not flow the other way."
However, in recent months, the federal government has taken a much harder look at cybersecurity issues. President Barack Obama launched a 60-day cybersecurity review, scheduled to be completed next week, which closely examines the nation's cybersecurity infrastructure and personnel.
In addition, Congress is weighing in on a cybersecurity bill spawned by Senate Commerce Committee Chairman John Rockefeller IV (D-W.Va.) and Sen. Olympia Snowe (R-Maine) that, among other things, proposes to open up communication between the public and private sectors regarding cybersecurity issues, while giving the federal government the authority to disconnect federal or other critical infrastructure from the Internet if it became susceptible to attack.
In the past, the Bush administration approved $17 billion in secret funds to protect government networks, according to the Journal.
If worse comes to worse, experts say, hackers could launch malware attacks that could be used to permanently destroy components of the electrical grid, damage a nuclear power plant or wreak havoc on other systems.
"We've been warning about this for a very long time," Manzuik said. "Glad we haven't seen it happen yet. I hope we don't."