Author: James Osborne / Source: Houston Chronicle
WASHINGTON – After it came to light this summer that hackers had infiltrated the computer networks of two U.S. power companies – at a time the country was still reeling from Russian cyberattacks aimed at influencing the 2016 election – the possibility of hackers taking down the U.S. power grid and sending the nation into chaos suddenly seemed a very real possibility.
The companies pledged there was no danger. Senators called hearings and wrote letters to the White House demanding to know what it was doing about it.
But to the teams of cybersecurity analysts charged with protecting the world’s industries from a rapidly evolving deluge of malware, viruses and other tools of the hacker trade, it was just the latest in an escalating cyberwar against power grids and other critical infrastructure around the globe.
“The message that I’d like to communicate, intrusions, spear-phishing and other (hacking attacks),” said Mark Bristow, deputy division director of the Department of Homeland Security’s Hunt and Incident Response Team. “It happens every day.”
The foundation around which the U.S. economy runs, the power grid makes an intriguing target for hackers – whether it’s foreign governments, criminals looking for a big payday or hackers just seeing what mischief they can cause. And as attempts to infiltrate computer networks that control the grid and other industrial systems escalate, cybersecurity experts and some government officials are increasingly concerned that a large-scale, well-financed and coordinated cyberattack is coming, risking the sort of widespread blackouts that hit Ukraine in 2015 after hackers broke into the systems of three power plants.
To read this article in one of Houston’s most-spoken languages, click on the button below.
Last year, members of DHS’ Industrial Control Systems Cyber Emergency Response Team recorded 290 cases of hackers gaining access to systems at everything from power plants to telecommunications systems. Considering companies are not required to report such incidents unless they lose control of critical infrastructure – to date something that has never been publicly reported in the United States – that number is likely far lower than the reality. Still, it represented more than twice as many incidents as were reported in 2011.
“What the electric industry folks tell me is, ‘We lay awake at home every night thinking about this,’ ” said a former top energy official in the Obama administration, who declined to be identified because those conversations were private. “Someone from one of the nation’s largest utilities, and I can’t say who, told me they had hackers trying to get into their system 3,000 times a day.”
The break-ins disclosed by Burlington Electric in Vermont and the Wolf Creek Nuclear Operating Co. of Kansas – which the companies maintain did not breach the networks that control the grid – have begun to raise debate in Washington over whether the government is doing enough. Federal authority over the power grid essentially stops where transmission lines end, leaving security over the vast complex of neighborhood power lines, transformers, smart meters and other digital controls largely to utilities and power generators.
That has left the grid a technological patchwork, with some companies failing to meet the elemental standards for cybersecurity, nearly a dozen government and private-sector experts said.
“Something needs to change because right now we’re sitting ducks,” said Sujeet Shenoi, a computer science professor at the University of Tulsa who trains students for cybersecurity careers with the National Security Agency, FBI and other intelligence and law enforcement agencies.
Where once countries fought over land and waterways, the ability to control and protect the world’s digital systems is fast becoming a new arms race. In countries like Israel, Shenoi said, cybersecurity standards for power grids, pipelines, telecommunications and other vital systems are set by the government’s intelligence and security officials. And in…
Click here to read more