May 23, 2013
Many US Power Companies Face Relentless Cyber Attacks, Says Congressional Report
Peter Suciu for redOrbit.com — Your Universe Online
On Tuesday, lawmakers warned that the United States’ power utilities face near constant cyber attacks on critical systems. Congressmen Edward Markey of Massachusetts and Henry Waxman of California disclosed their findings during a House Energy and Commerce Committee hearing on cyber security.
“The last few years have seen the threat of a crippling cyber-attack against the US electric grid increase significantly. Secretary of Defense Leon Panetta identified a ‘cyber-attack perpetrated by nation states or extremist groups’ as capable of being ‘as destructive as the terrorist attack on 9/11.’ A five-year old National Academy of Sciences report declassified and released in November 2012 found that physical damage by terrorists to large transformers could disrupt power to large regions of the country and could take months to repair, and that ‘such an attack could be carried out by knowledgeable attackers with little risk of detection or interdiction,’” the report read.
“On May 16, 2013, the Department of Homeland Security testified that in 2012, it had processed 68% more cyber-incidents involving Federal agencies, critical infrastructure, and other select industrial entities than in 2011. It also recently warned industry of a heightened risk of cyber-attack, and reportedly noted increased cyber-activity that seemed to be based in the Middle East, including Iran.”
Markey and Waxman sent 15 questions to more than 150 utility companies, of which 112 replied. Of those, only 53 actually answered all the questions, while others provided incomplete responses that contained non-specific information. The two congressmen provided a 35-page report summarizing the responses.
Among those that did respond, the report found that more than a dozen utilities reported “daily,” “constant,” or “frequent” attempted cyber attacks. These reportedly ranged from phishing to malware infections to unfriendly probes.
One utility company in particular reported that it was the target of approximately 10,000 attempted attacks each month, while more than one public power provider reported being under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems.”
A Northeastern power provider noted that it was “under constant cyber attack from cyber criminals including malware and the general threat from the Internet,” while a Midwestern power provider reported that it was “subject to ongoing malicious cyber and physical activity.”
“For example, we see probes on our network to look for vulnerabilities in our systems and applications on a daily basis. Much of this activity is automated and dynamic in nature — able to adapt to what is discovered during its probing process.”
In addition to cyber threats, Markey and Waxman also raised concern about the power companies’ lack of readiness for geomagnetic storms, and found that most utilities have not taken the necessary steps to reduce their vulnerability to such storms. They also noted that it was not clear whether the power industry even has an adequate supply of spare transformers.
As for the cyber attacks, the concern remains that these could potentially “create instant effects at very low cost and are very difficult to positively attribute back to the attacker. It has been reported that actors based in China, Russia, and Iran have conducted cyber probes of US grid systems, and that cyberattacks have been conducted against critical infrastructure in other countries,” the report noted.
Markey, along with Representative Fred Upton of Michigan, introduced the GRID Act to bolster the security of the electrical grid. It has passed the House but not the Senate.