Week in review: Powerless to protect power grid?
Recent events have raised the question of whether the United States is prepared to defend its electricity grid.
Spies from other countries have been detected hacking into the United States' electricity grid, leaving traces of their activity and raising concerns over the vulnerability of the U.S. energy infrastructure to cyberattacks. The spies apparently sought ways to navigate and control the power grid as well as the water and sewage infrastructure, according to a published report. It's part of a rising number of intrusions, the article said, quoting former and current national security officials.
There have long been concerns over securing the power grid and other infrastructure. Those security issues are mounting as utilities use more Internet-based communications and software to control the grid through smart-grid technology. A report by security firm IOActive last month warned that people with $500 worth of equipment and the right training could manipulate smart meters with embedded communications in people's homes to potentially disrupt operation of the grid.
More than a decade after initial reports said critical infrastructure in the U.S. is vulnerable to cyberattack, the situation has only worsened as utilities move their control systems closer to the Internet and install smart-grid technology, according to security experts.
For many utility workers, it's easier to log onto the Internet from home when they get called at night. But if those home computers are infected with spyware, they can be used by attackers to get into the control systems, which are supposed to be separated from the Internet.
But there are other problems that are more deeply embedded in the day-to-day operations of utility business. Network control software that utilities buy from outside vendors often includes the ability to run Web servers and enable remote access and wireless access. Then there are configuration problems, such as routers and other systems with no passwords or default passwords.
Another infrastructure vulnerability materialized this week in the Silicon Valley, where vandals were blamed for a massive phone and Internet outage. Police confirmed the phone and Internet outage that left thousands of customers in the San Jose, Calif., area without phone or broadband Internet service was caused by vandals who had cut AT&T fiber-optic cables. A cable in San Carlos, Calif., owned by Sprint Nextel was also cut about two hours later.
A representative said a utility hole cover had been lifted, and the fiber underground had been cut. She confirmed that the Sprint fiber that was cut also appeared to be the work of vandals.
Return of the worm?
The Conficker worm that has infected millions of Windows-based computers will likely be used to send spam and steal data much like one of the nastiest botnets on the Internet does, researchers said after finding links between Conficker and the Waledac family of malware that includes the Storm botnet.
A week after failing to do anything but snore, the much-hyped Conficker worm was roused from its slumber, with infected computers transmitting updates via peer-to-peer and dropping a mystery payload onto PCs. Researchers suspect that the payload program may be a keystroke logger, a spam generator, or both.
Conficker now also tries to connect to MySpace, MSN.com, eBay, CNN.com, and AOL as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down some functionality on May 3. In addition, Conficker reaches out to a domain that is known to be infected by Waledac and downloads an encrypted file.
One expert theorized that Eastern Europeans are behind Waledac. He suspects they created the Storm botnet to try different payloads and business models and that Waledac resulted from that. Ferguson speculates that they may be putting their lessons learned from earlier efforts into practice with Conficker.
The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords. The worm disables security software and blocks access to security Web sites.
To check if your computer is infected you can use this Conficker Eye Chart or this site at the University of Bonn. There is also a Conficker removal guide at CNET's Download.com.
Meanwhile, the cost of security is mounting for the Pentagon, which spent more than $100 million in the past six months to clean up from Internet attacks and network issues.
The Defense Department was forced to take up to 1,500 computers offline last year because of a cyberattack, and it banned the use of external removable storage devices because of their ability to spread viruses. The news comes amid internal government squabbles over which department would be best to manage the nation's cybersecurity programs and in the middle of a cybersecurity review ordered by President Obama.
Battling piracy
In a surprise development, the French parliament voted down Internet piracy legislation that had largely been expected to pass. Because the bill was expected to pass, few members of parliament were present for the final vote.
The "Creation and Internet" bill, which had won the preliminary approval of the parliament last week, would compel Internet service providers to take graduated actions against customers accused of illegally downloading copyrighted material. After warning a customer against such actions for a third time, an ISP could suspend the person's Internet access for up to a year.
Meanwhile, the copyright infringers responsible for leaking an incomplete version of the unreleased movie "X-Men Origins: Wolverine" will likely face harsh penalties thanks to strict U.S. intellectual property laws, but copyright enforcement is still woefully inadequate abroad, representatives of the entertainment industry told members of Congress.
One week after the 20th Century Fox film was found on the Internet, the House of Representatives Committee on Foreign Affairs held a hearing in Los Angeles to listen to industry representatives about addressing piracy. Committee Chair Howard Berman (D-Calif.) said he plans to introduce legislation shortly to bring more attention to intellectual property rights abroad.
Piracy cost the film industry $6.1 billion in 2005, according to the Motion Picture Association of America, while copyright infringement overall resulted in $18.3 billion in trade losses in 2007, according to the International Intellectual Property Alliance. Copyright infringement also costs the U.S. 750,000 jobs per year, according to the U.S. Chamber of Commerce.
It specifically cost one entertainment columnist his job. Roger Friedman, who worked 10 years for FoxNews.com, a division of News Corp., posted a short review of the forthcoming "X-Men Origins: Wolverine" and he soon found himself out of work.
Friedman wrote in his Fox 411 column last week that downloading the unreleased superhero movie from the Internet was "so much easier than going out in the rain."
News Corp., saying that the review promoted piracy, initially said that Friedman's employment had been terminated but issued a revised statement saying it was a mutual decision.
Also of note
Sun Microsystems rejected IBM's formal buyout offer, calling the bid insufficient and putting future deal talks at risk...General Motors and Segway are working on a two-wheel concept vehicle called Project PUMA (Personal Urban Mobility and Accessibility) and designed to ease congestion and pollution problems in cities...Groups advocating for the blind and reading disabled held a protest at the Manhattan offices of the Authors Guild, which has been very vocal in opposing text-to-speech technology in the Kindle e-reader.
Steven Musil is the night news editor at CNET News. Before joining CNET News in 2000, Steven spent 10 years at various Bay Area newspapers.



With the major cable and tower infrastructure already in place why are they using the public Internet for communication when they can use their own resources to create an isolated and securely encrypted LAN expressly for that purpose?
- by gmhead April 17, 2009 3:50 PM PDT
- This story about the electric grid being hacked was reported in the WSJ and subsequently picked up by Fox news and was not verified independently elsewhere. Sounds more to me like Rupert Murdoch's minions trying to sow fear and doubt. Remember how the story of WMDs was leaked to the NYT, then discussed on the Sunday morning talk shows by Cheney and Condi Rice the same day, referring to that same story? It is getting to the point where rumor is being passed on as news - that is very sad in a country that prides itself on freedom of speech and a free press.
So before we get all hinky about it, let's talk about what it would take to break into Cal ISO, for example (one of the bigger power managers in the country). Musil - have you spoken to them? Call them up and verify independently that this did in fact happen? Then all the firewalls they have on their network are a little worthless. I am finding this very hard to believe; local power companies have pretty robust networks, with the POSSIBLE exceptions of small ones like Bay City Electric Light & Power in Michigan and Alameda Municipal Power in Alameda, CA. Like any other company they have to protect their networks pretty vigorously, and they do so.
It just gets harder and harder to believe. Now it may be a ploy to get additional IT funding for security of these networks, but I believe any network manager worth his or her salt would be able to more than adequately make a case for network security to the finance folks.
Related to this is the comment that "Network control software that utilities buy from outside vendors often includes the ability to run Web servers and enable remote access and wireless access. Then there are configuration problems, such as routers and other systems with no passwords or default passwords."
This is true for any network management situation, though these folks doing the managing are fairly careful (if they just aren't inherently stupid or lazy) to utilize these tools judiciously and with proper security controls in place.
Finally - those AT&T cable cuts in northern California have to be correlated to the fact that the company has a contract with its largest union that expired on the 4th and there hasn't been a lot of movement at the bargaining table. The cable cuts were done by pros - they were cut at the entrance into the vault(s), so it was more than just a simple splice to get them up and running.