The United States has reported that spies hacked into the national electric grid, leaving behind dormant programmes that could be activated in the event of war being declared.
An unnamed former US government official has made the claim to the Associated Press after the government audited electric company systems. State sponsored espionage may be behind the infiltration. Russia and China have since denied any involvement.
“There’s absolutely no substance in this story about China and Russia attacking the US power grid, so I hope the relevant US press can truthfully handle their reports, particularly about China”, said the Chinese foreign ministry.
Attacks such as this are regular occurrences for utility companies. Melissa McHenry of the American Electric Power Company was reported by Reuters to say: “we long ago identified that there are numerous scans and probes of our networks from external sources”. She has admitted that despite their best efforts “there are no guarantees that you can be completely safe from a cyber-attack”.
These cyber-attacks could become more frequent and carry greater danger in the US with the introduction of ‘smart grids’, a scheme that according to USA Today will receive $4.5bn of president Obama’s recently announced economic stimulus package.
CNN reports that the smart grid “will use automated meters, two way communications and advanced sensors to improve electricity efficiency and reliability”. One of the concerns is that with the smart grid more opportunities and openings to hack into the system are created. Another concern is the increase of employees working remotely via the internet, where ‘spear phishing’ (the use of false emails to introduce harmful programmes to PCs) can be used as a major route into the networks of utility companies.
There is currently no smart grid security legislation in the US, but this is to be addressed by a bill being introduced by Bennie Thompson, Reuters reports. Thompson has been quoted as saying: “our oversight indicates there is a significant gap in current regulation to effectively secure this infrastructure”.
Joe Weiss, a security expert told Associated press that “the fundamental problem is that we’re paying more attention to the cyber security of Facebook than we are trying to keep our lights on”. Weiss has said it could take nine months to restore power in a worst case scenario.
Another issue of concern for the US Government is that they do not have the complete authority to examine such privately controlled systems, making control and prevention against future attacks a much harder task. Tom Kellerman, vice president of security for Core Security Technologies, has suggested that foreign countries have already penetrated much of the United States critical infrastructure.
As of yet, America’s homeland security department have not reported any successful attempts to disrupt the power supply.