Electricity Grid in U.S. Penetrated By Spies

Daily News Article   —   Posted on April 8, 2009

(by Siobhan Gorman, WSJ.com) WASHINGTON – Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. …

“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”

The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. “There are intrusions, and they are growing,” the former official said, referring to electrical systems. “There were a lot last year.”
Question of the Day

Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, “If we go to war with them, they will try to turn them on.” …

… protecting the electrical grid and other infrastructure is a key part of the Obama administration’s cybersecurity review, which is to be completed next week. Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more. A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage. …

The U.S. electrical grid comprises three separate electric networks, covering the East, the West and Texas. Each includes many thousands of miles of transmission lines, power plants and substations. The flow of power is controlled by local utilities or regional transmission organizations. The growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers, according to government reports.

The sophistication of the U.S. intrusions — which extend beyond electric to other key infrastructure systems — suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists. While terrorist groups could develop the ability to penetrate U.S. infrastructure, they don’t appear to have yet mounted attacks, these officials say.

It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace. U.S. officials said investigators have followed electronic trails of stolen data to China and Russia.

Russian and Chinese officials have denied any wrongdoing. “These are pure speculations,” said Yevgeniy Khorishko, a spokesman at the Russian Embassy. “Russia has nothing to do with the cyberattacks on the U.S. infrastructure, or on any infrastructure in any other country in the world.”

A spokesman for the Chinese Embassy in Washington, Wang Baodong, said the Chinese government “resolutely oppose[s] any crime, including hacking, that destroys the Internet or computer network” and has laws barring the practice. China was ready to cooperate with other countries to counter such attacks, he said, and added that “some people overseas with Cold War mentality are indulged in fabricating the sheer lies of the so-called cyberspies in China.”

Utilities are reluctant to speak about the dangers. “Much of what we’ve done, we can’t talk about,” said Ray Dotter, a spokesman at PJM Interconnection LLC, which coordinates the movement of wholesale electricity in 13 states and the District of Columbia. He said the organization has beefed up its security, in conformance with federal standards.

In January 2008, the Federal Energy Regulatory Commission approved new protection measures that required improvements in the security of computer servers and better plans for handling attacks.

Last week, Senate Democrats introduced a proposal that would require all critical infrastructure companies to meet new cybersecurity standards and grant the president emergency powers over control of the grid systems and other infrastructure. …

The White House review of cybersecurity programs is studying ways to shield the electrical grid from such attacks, said James Lewis, who directed a study for the Center for Strategic and International Studies and has met with White House reviewers.

The reliability of the grid is ultimately the responsibility of the North American Electric Reliability Corp., an independent standards-setting organization overseen by the Federal Energy Regulatory Commission.

The NERC set standards last year requiring companies to designate “critical cyber assets.” Companies, for example, must check the backgrounds of employees and install firewalls to separate administrative networks from those that control electricity flow. The group will begin auditing compliance in July.

-Rebecca Smith contributed to this article.

Write to Siobhan Gorman at siobhan.gorman@wsj.com.

Copyright 2009 Dow Jones & Company, Inc.  All Rights Reserved.  Reprinted here for educational purposes only.  Visit the website at wsj.com. 

Background

Specialists at the U.S. Cyber Consequences Unit, a nonprofit research institute, said [cyber] attack programs search for openings in a network, much as a thief tests locks on doors. Once inside, these programs and their human controllers can acquire the same access and powers as a systems administrator. (from the wsj.com article above)