
Report: U.S. power grid hit by hackers

Updated on Wednesday, April 8 at 5:50 p.m. EST

Foreign spies have penetrated the U.S. power grid, and left behind malicious software that could be activated at a later date to disrupt the nation's electric system, The Wall Street Journal reported Wednesday.

The intruders, believed to be from China and Russia, likely hacked into the power grid over the course of several years so they could learn more about how the critical infrastructure works, the paper said.

U.S. intelligence officials -- not the utility companies connected to the grid -- detected many of the compromises, none of which did any damage. The officials cautioned that there was no immediate threat, but that in the event of a war the hackers might try to "turn on" the malware left behind.

Greg Hoglund, CEO of HBGary, which provides solutions that assess systems for information risk, said the attackers appear to be silently probing these control systems for information.

"It's reconnaissance," he said. "The enemy is just probing behind the [web] gateway. Their purpose is to build a map. These types of malware programs don't have to necessarily steal files."

But, Hoglund cautioned, the malware -- which typically arrives through some social engineering ploy such as a malicious Word document -- likely contains a function that can be remotely told to download an additional executable that can disrupt the grid.

"If that particular set of malware is controlled by an enemy of the United States, they could, in fact, shut down things such as power," he said.

The North American Electric Reliability Corp. (NERC), a nonprofit charged by the federal government with overseeing the bulk power system in North America, issued a statement in response to the Journal story, saying it was working with industry leaders and the U.S. and Canadian governments to improve reliability standards and protect against "imminent and specific cybersecurity threats."

"Cybersecurity is an area of concern for the electric grid," the statement said. "Though we are not aware of cyberattacks that have directly impacted reliability of the power system in North America, it is an issue the industry is working to stay ahead of."

The power grid is growing increasingly susceptible to attack as control systems used to run utilities become more connected with corporate data systems, which are, in turn, connected to the internet, according to experts.

In January 2008, the Federal Energy Regulatory Commission (FERC) approved eight cybersecurity standards that apply to the users, owners and operators of the bulk power system. NERC is tasked with enforcing them; violators can face fines of up to $1 million per day per violation. The standards cover critical cyber asset identification, security management controls, personnel and training, electronic security perimeters, physical security, systems security management, incident reporting and response planning, and recovery plans.

Both Chinese and Russian foreign officials denied their nations' involvement in the intrusions, the paper reported. U.S. intelligence authorities acknowledged that it is impossible to know for sure whether the attacks were state-sponsored, because hackers can hide their tracks.

Dean Turner, director of Symantec's global intelligence network, said he rarely sees definitive evidence pointing to the true source of cyberattacks, thanks to obfuscation techniques that make botnets -- groups of infected computers often used in incidents such as this -- harder to track.

"You can trace the attack back to an IP address that is assigned to a computer based in a country and city but given what we know about bot networks, you don't have to be there to control one," he said.

Turner added that he wasn't surprised intruders are going after the power grid.

"Everything is potentially a target," he said. "All of these things have value to a particular class of attacker."

Eddie Schwartz, CSO of cyberintelligence firm NetWitness, said continuous monitoring is necessary to limit the threat.

"I don't think you can completely stop it," he said. "Your only hope against adversaries like the Chinese is that you monitor it as effectively as you can and collaborate with your peers."

For truly effective communication, government officials must declassify certain intelligence information so that it can be shared with utility companies, he said.

The report comes on the heels of news that the Pentagon has spent $100 million over the past six months to respond to cyberattacks against military networks.
