 |
| In this file image from video released by the Department of Homeland Security, smoke pours from an expensive diesel electric
generator during a March 2007 demonstration by the Idaho National Laboratory, which was simulating a hacker attack against
the US electrical grid. Dept. of Homeland Security/AP/file |
New U.S. tack to defend power grid
Lawmakers are on alert as hackers increase attacks on US infrastructure.
from the October 30, 2007 edition
Page 2 of 3
Danger to SCADA systems for the electric grid, for instance, was highlighted in a 2002 National Research Council report. At a key meeting in July 2003, officials from the US Department of Energy, DHS, the national laboratories, and other agencies convened to develop a national cybersecurity plan.
Despite that and other efforts since 9/11 to protect control systems from cyberattack, "the federal government lacks an overall strategy for coordinating public and private sector efforts," the Government Accountability Office (GAO) reported to Congress earlier this month.
Some experts describe a patchwork defense that has many gaps – and they note that malicious attacks, directed in particular at the electric grid, are growing.
Internet attacks on the 100 electric utility clients protected by SecureWorks, an Atlanta-based cybersecurity firm, leaped 90 percent this year – from 43 attacks per utility per day at the beginning of the year to 93 since May, company officials reported this month. That's about double the rate for other industries SecureWorks protects.
The US has been "in a race against time" since early 2005, when the attention of "black hat" hackers shifted to focus more on probing and exploiting SCADA control-system weaknesses of electric utilities, says Mr. Borg. Yet lights have mostly stayed on – a testament to the notion that industry and government still appear to be ahead in the race.
In a bid to plug gaps, the National Electric Reliability Corp. (NERC) in June was put in charge of grid reliability. It has proposed eight new cybersecurity requirements that are already being adopted by the electric-power industry. Those standards, though, were attacked as inadequate by experts during an Oct. 17 congressional hearing.
Known examples of hackers infiltrating the grid and taking parts of it down are rare. Such cases exist, security experts insist, though nondisclosure contracts prohibit them from talking about them to the press.
A year ago, Ira Winkler, a security expert taking part in an exercise to test the cyberdefenses of a nuclear-power plant, used his computer to hack into the plant's control system. After a few hours, the whole thing was called off because the "simulation" was too successful. Mr. Winkler had wrested control of key systems from plant engineers and could do what he wanted with the plant.
"A lot of people have stock answers saying everything's just fine, but the point is, if the underlying systems are vulnerable, that's all there is to it, says Mr. Winkler, a former NSA cryptanalyst who is now president of Internet Security Advisors Group, an Internet security company.
RSS feed
