– Spies from China and Russia may have been infiltrated the nation’s electrical grid via the Internet
– Lack of security presented by smart-grid technology could open country to new threats
– A review of the federal government’s cyber-security efforts is expected to be completed this week
On April 8, 2009 the Wall Street Journal reported that Chinese and Russian hackers have been attempting to infiltrate and map the cyber infrastructure of the United States (US). According to current and former national security officials, spies from China, Russia and other countries have penetrated the US electrical grid and left behind rogue software programs that could be used to disrupt the system in the event of conflict.
Cyber Espionage Pervasive
Many of the intrusions were detected by US intelligence agencies who reported that the espionage was pervasive and did not target a particular company or region. According to one former Department of Homeland Security official, “there were a lot [of attacks] last year,” and the number of intrusions is growing.
The security of the nation’s critical infrastructure has been decreasing as utility companies move their control systems closer to the Internet and install smart-grid technology – a system of networked meters designed for adjusting electricity flows and monitoring everything from power plants to individual appliances in homes. Experts have been warning companies and politicians that the growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers.
In a 2008 survey of critical infrastructure insiders working in the US and Canada, respondents stated that the energy sector was the industry most vulnerable to cyber-attacks. The survey cited a number of contributing factors:
• An increase in the number of access points through the use of sensors, smart meters, and third-party contractors with remote access capability.
• The use of more Internet Protocol (IP) based networks.
• Integration between corporate and operational networks.
• Reliance on standard or commodity information technology (IT) platforms such as Microsoft Windows.
• Lack of attention to security by network automation and control system vendors.
In the near to medium-term, we expect spies working for foreign governments to continue to probe and test the security of the nation’s critical infrastructure, and continue planting rouge software onto workstations and servers that will give them a backdoor of control over the systems that control the nation’s utilities. We also expect politicians and security experts to be the driving force behind improving the security of these systems.
Improving Security
National security officials do not see an immediate danger of China or Russia disrupting the nation’s electrical grid, but remain cognizant of the possibility that these countries could overtake the nation’s electrical facilities, nuclear power plants, or financial networks via the Internet.
In February 2009 President Barack Obama ordered his acting director for cyberspace for both the National and Homeland Security councils to conduct an immediate 60-day review of federal cyber-security efforts. The review, scheduled to conclude this week, will include reviews of the cyber-security of the nation’s electrical grid and other infrastructure.
President Obama highlighted the importance of safeguarding the nation’s vital computer networks against enemy attacks during his campaign. He has promised to appoint a national cyber adviser to coordinate federal agency efforts and develop a national cyber policy.
The federal government has already been moving ahead with new measures aimed at improving the cyber-security of the nation’s critical infrastructure. In January 2008 the Federal Energy Regulatory Commission approved new protection measures that require improvements in the security of computer servers and better plans for handling attacks. The North American Electric Reliability Corporation, an independent standards-setting organization overseen by the Federal Energy Commission, stated it would begin auditing compliance of the new regulations in July 2009.
Outlook
The promise of smart-gird technologies and other systems aimed at cutting costs and improving services has been recognized by President Obama and other politicians who have earmarked US$4.5 billion for increasing the expansion of these technologies in 2010. More than 2 million smart meters are in use in the US today. An estimated 73 utilities have ordered 17 million additional smart meters.
We expect the expansion of new technologies into the fabric of the nation’s critical infrastructure systems to continue at a rapid pace, but remain concerned over the lack of security during the development and deployment of these technologies. Without proper federal regulations, frequent auditing of these systems, and assurance that the development and deployment of these systems is secure, the vulnerability of these systems will continue to be exploited and could prove to have dire consequences for the nation’s security.