Tags: power | grid | threat

Congressional Report: U.S. Power Grid Vulnerable to Attack by Iran

Thursday, 23 May 2013 06:15 AM


  Comment  |
   Contact Us  |
|  A   A  
  Copy Shortlink

Several major U.S. utilities are under “constant” cyberattack and haven’t taken precautions to protect critical systems from Iran, North Korea and other adversaries, according to a congressional survey of more than 100 companies accounting for much of the nation’s power system.

The survey shows the nation’s electrical grid remains “highly vulnerable” to attack after four years of failed efforts to pass major cyber-security legislation, according to an accompanying report. Industry trade groups, including the Edison Electric Institute, joined by Republicans in the Senate, opposed the bill, arguing minimum cyber-security standards would be out-of-date by the time they were implemented.

“Our enemies have the motive, the means, and the capacity to attack our grid with potentially catastrophic consequences,” Representative Ed Markey, the Massachusetts Democrat who co- wrote the report released today, said in an e-mail. “The question is whether the utilities have the same determination to protect our country against these threats.”

Power utilities are part of a core of critical infrastructure that U.S. intelligence agencies are warning may be targets of aggressive cyberattacks designed to cloak the East Coast in darkness or shut off the sewers in New York City during a future conflict.

Survey Questions

The report, whose other author, California Democratic Representative Henry Waxman, is the ranking member of the House Energy and Commerce Committee, is based on a 15-question survey sent to 170 electric utilities, including Exelon Corp., Southern Company, and Duke Energy Corp.

There’s no confirmed example of a massive infrastructure attack, and the survey was designed in part to identify whether cyber warriors are trying to breach sensitive systems or utilities know of smaller-scale attacks that might show adversaries are practicing.

In many cases, utilities simply didn’t answer the questions posed by the lawmakers. Of the companies that received the letter, more than two-thirds either didn’t respond at all or gave minimal responses, according to the lawmakers’ report.

Among those that did respond, several described a running battle to keep ahead of the hackers.

One Midwestern utility said that its computer systems were being probed constantly, in some cases by automated programs designed to detect weaknesses that can be exploited later. A utility in the Northeast reported that it was “under constant attack” from cyber criminals.

More than a dozen utilities reported either “daily,” “constant” or “frequent” attempts at computer intrusions.

Corporate Systems

The answers didn’t give details on the nature of the attackers or whether they were attempting to gain access to corporate systems or the industrial computers that actually run the plants.

The report’s authors found evidence that some utilities collaborated or simply cut-and-pasted answers provided by trade groups rather than addressing their unique situations.

Four small utilities in Florida and Texas gave almost identical answers to the majority of the questions, according to an analysis by the Democrats’ staff. Others borrowed heavily from a “coaching guide” produced by the North American Electric Reliability Corp., or NERC, a private body that helps regulate the industry, according to the lawmakers’ staff.

“If you can’t respond to a letter, I’m guessing that you probably can’t respond to a cyberattack either,” said Jacob Olcott, a former cyber-security staffer for the Senate Commerce Committee, which helped draft the omnibus cyber-security bill that failed last year.

Utilities’ Reluctance

The reticence of some utilities reflects their reluctance to divulge even to lawmakers details of security concerns or potential vulnerabilities, the American Public Power Association said in a response to the report, which it called “misleading.”

Many questions were “so specific and confidential in nature that for security reasons, they could not be answered,” the group said.

In some cases, the utilities’ answers suggested they had a poor grasp of the system for alerting them to cyber-security threats or missed many of the alerts altogether, the report’s authors said. Asked how many grid security alerts they had received from NERC since January 2010, the companies gave answers that ranged from one to 50. In fact, 24 alerts had been issued during that period.

Bug Fixes

Several utilities said that they failed to fix bugs in control systems and other technology that had been identified after a sophisticated attack software called Stuxnet sabotaged Iran’s uranium processing facility at Natanz in 2010. Stuxnet is widely believed to have been designed by hackers working for the U.S. and Israeli governments in an effort to disable the site.

The flaws used by the software are now widely known, and three years ago officials recommended 12 measures to ensure adversaries couldn’t deploy a repurposed version of Stuxnet against U.S. infrastructure.

Four of 45 utilities who responded to the survey hadn’t implemented the mandatory measures and 15 of 19 utilities hadn’t instituted several other measures which were voluntary, according to the survey answers.

© Copyright 2014 Bloomberg News. All rights reserved.

  Comment  |
   Contact Us  |
  Copy Shortlink
Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
Zip Code:
Privacy: We never share your email.
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
Around the Web
Top Stories
You May Also Like

Foley Family: US 'Didn't Help Us Much' After Kidnapping

Tuesday, 16 Sep 2014 09:40 AM

The Obama administration gave little hope to the family of James Foley, the journalist beheaded by the Islamic State, fo . . .

Sen. Angus King: Is Anti-ISIS Coalition Real or Fake?

Tuesday, 16 Sep 2014 09:25 AM

President Barack Obama needs a "real coalition" of countries to combat the Islamic State and not merely form an alliance . . .

US Expands Airstrikes Against ISIS

Tuesday, 16 Sep 2014 09:24 AM

U.S. aircraft bombed Islamic State fighters near Baghdad in the latest expansion of an air campaign that began last mont . . .

Most Commented

Newsmax, Moneynews, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, NewsmaxWorld, NewsmaxHealth, are trademarks of Newsmax Media, Inc.

America's News Page
©  Newsmax Media, Inc.
All Rights Reserved