Has Power Grid Been Hacked? U.S. Won't Say
Date: 09-Apr-09
Country: US
Author: Steve Holland and Randall Mikkelsen
Has Power Grid Been Hacked? U.S. Won't Say Photo: Mike Cassese
The Detroit skyline is shown during Earth Hour, March 29, 2008.
Photo: Mike Cassese
WASHINGTON - U.S. concerns about the potential for cyber-attacks on critical
infrastructure extended to the American electrical power grid on Wednesday
and experts pointed the finger anew at Chinese hackers, among others.
U.S. Homeland Security Secretary Janet Napolitano told reporters the power
grid is vulnerable to potentially disabling computer attacks, while
declining to comment on reports that an intrusion had taken place.
"The vulnerability is something that the Department of Homeland Security and
the energy sector have known about for years," she said. "We acknowledge
that ... in this world, in an increasingly cyber world, these are increasing
risks."
Napolitano spoke after the Wall Street Journal reported that cyberspies had
penetrated the U.S. electrical grid and left behind software programs that
could be used to disrupt the system.
The Journal said the intruders have not sought to damage the power grid or
other key infrastructure but could try during a crisis or war.
The United States for several years has accused the Chinese and Russians,
among others, of using cyber-attacks to try to steal American trade secrets,
military secrets and government secrets.
The Chinese have been particularly active, a former U.S. security official
told Reuters.
"They are all over the place," said the official, who spoke on condition of
anonymity. "They're getting into university systems, contractor systems,
hacking government systems. There's no reason to think that the electrical
system would be immune as well."
Eric Rosenbach, executive director for research at Harvard University's
Kennedy School of Government's Belfer Center, said that if true, it showed
that the Chinese and Russians are thinking strategically about how to either
constrain the United States or inflict more damage if they ever felt they
needed to do so.
'POTENTIAL WEAKNESS'
"I think that China recognizes if in a very strategic sense you want to
ensure you have the ability to exploit another country's potential weakness
or vulnerability but do it in a way that isn't confrontational or cause an
international crisis, then this is a very good way of doing that," he said.
President Barack Obama, aware of the concerns about the vulnerability of
infrastructure, has launched a cyber review that is expected to be completed
in the coming weeks.
"The president takes the issue of cybersecurity very seriously, which is why
he ordered a top-to-bottom review shortly after taking office," said White
House spokesman Nick Shapiro.
He said the White House was not aware of "any disruptions to the power grid
caused by deliberate cyber-activity here in the United States."
"The Department of Homeland Security works with industry to identify
vulnerabilities and to help industry enhance the security of control system
networks. The federal government is also working to ensure that security is
built in as we develop the next generation of 'smart grid' networks,"
Shapiro said.
Mississippi Democratic Representative Bennie Thompson, chairman of the House
of Representatives Homeland Security Committee, said he would introduce
legislation to address the grid's vulnerability to cyber-attack.
"Our electric system is critical to our way of life, and we cannot afford to
leave it vulnerable to attack. Our oversight indicates there is a
significant gap in current regulation to effectively secure this
infrastructure," he said.
The United States is not alone. CIA analyst Tom Donahue told a
power-industry conference last year that "we have information from multiple
regions outside the United States, of cyber-intrusion into utilities
followed by extortion demands."
The North American Electric Reliability Corp, the industry group with
responsibility for grid reliability and security for the United States and
Canada, said it was unaware of any cyber-attacks that have led to
disruptions of electric service. The group has been working for several
years with the industry to create and implement cybersecurity measures.
"NERC and industry leaders are taking steps in the right direction to
improve preparedness and response to potential cyberthreats," the group
said. "There is definitely more to be done."
American Electric Power Co spokeswoman Melissa McHenry said the utility
takes security and reliability of the grid seriously.
"We long ago identified that there are numerous scans and probes of our
networks from external sources and have put in place a very comprehensive
multilayered security system to protect it from internal and external
intrusion attempts," she said.
Still, she said, "We realize that there are no guarantees that you can
always be completely safe from a cyber-attack. We continually monitor the
effectiveness of our systems and seek to enhance them."
(Editing by Will Dunham)
© Thomson Reuters 2009 All rights reserved
|