Report: Spies hacked into U.S. electricity grid

Spies from other countries have hacked into the United States' electricity grid, leaving traces of their activity and raising concerns over the security of the U.S. energy infrastructure to cyberattacks.

The Wall Street Journal on Wednesday published a report saying that spies sought ways to navigate and control the power grid as well as the water and sewage infrastructure. It's part of a rising number of intrusions, the article said, quoting former and current national security officials.

The intruders don't appear to have done any damage to date but did leave behind software that could disrupt the system.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the Journal. "So have the Russians."

There have long been concerns over securing the power grid and other infrastructure. Those security issues are mounting as utilities use more Internet-based communications and software to control the grid through smart-grid technology.

A report by security firm IOActive last month warned that people with $500 worth of equipment and the right training could manipulate smart meters with embedded communications in people's homes to potentially disrupt operation of the grid.

Plans to modernize the grid call for adding communications capability to the distribution network, allowing utilities to get usage data from buildings or equipment along the grid.

That increased automation, however, opens up more security challenges. Smart-grid companies can ship information over the power lines, cell phone networks, or the Internet using proprietary protocols or the Internet Protocol.

Watch CBS Videos Online

[man_w_balls]

Part of the problem with our infrastructure is the few companies that control it all, being sort of a multi-monopoly. I believe the answer is for people to make their own power. If you can afford to own a house, you can probably afford to generate your own power! There should be government sponsored programs to help people free themselves from the vulnerable grid.
All the technology is out there - Solar, Wind, Water, Geothermal, and even Human muscle power. There is no need for a nation to be brought to its knees by a simple loss of electricity!

[Grant_D]

There are government sponsered programs for getting people into sustainable energy. It usually comes by way of tax relief or even a stipend.

[iPhoneUser]

The problem with alternative energies is even though you can make your own power, you generally have to tie it back in to the grid for it to be cost effective and efficient. There are net-metered solutions already out there that will allow you to use say a windmill to generate electricity. When you need the electricity, it goes straight to your house. When you're not using electricity but the windmill is still generating it, the power companies essentially buy this excess power from you and redirect it to where it's needed (they give you rebates or credits on your bills). Our grid infrastructure, like most of the infrastructures in the US these days (cellular, roadways, etc) is severely outdated and needs major improvements for these alternative energy sources to really make an impact. Plus, ultimately, people just don't care enough to adopt alternative energy sources...not even when gas was $4.50 a gallon last year. And the systems themselves are extremely expensive, even with government tax credits.

No, the solution is to force the companies that control the grid to reinvest their profits into their infrastructure. So they only make $199 billion instead of $200 billion this year, I think they'll manage.

[MrPitchfork]

"Plus, ultimately, people just don't care enough to adopt alternative energy sources...not even when gas was $4.50 a gallon last year."

Actually people do care, it's just that all this new alternative energy isn't available to the regular consumer. We as consumers are being held hostage by the energy/oil companies where we are forced to use their services for our energy needs or sit in the dark. What choice do we have? I swear, if there was an alternative to using gas or electric from the power company, I would have been off of all that years ago. We have fuel cell technology now but you dont see it being rolled out anywhere. If they really wanted to get us off of using foreign oil, we would have gotten off of it decades ago. We are being lied too about this over and over again.

[rhsc]

"Plus, ultimately, people just don't care enough to adopt alternative energy sources...not even when gas was $4.50 a gallon last year."

You would not believe how many priuses (prii?) there are in Massachusetts, so some people apparently care.

[brandonh33]

Currently personal energy sources like solar and wind are way too impractical to put into use. To put it short the technology is NOT there to support this. Geothermal is ridiculous for personal power, I honestly have no idea what you have in mind for water (do I dam my water hose?), and human power, really? I personally am for a smarter power grid. We do need to update our infrastructure. When I begin to not support a smart grid is when politicians use it to promote their personal agendas and make the whole concept outrageous in the eyes of anyone the slightest bit skeptical. Just my opinion.

[snydersweb]

I agree. What happens if the bad guys disrupt our power grid. All communication stops. Can we function? Here in CA there are companies who help homeowners establish themselves as power generators not just power users. The state even gives rebates for this.
www.strategicbookpublishing.com/TheGH4Effect.html

[Maccess]

You're suggesting that the grid be decentralized just like the Internet. That's a briliant idea. I hope government policymakers also see the advantages of a decentralized power grid.

Being connected to the Internet is not the problem, the problem is not taking full advantage of being connected to the Internet by disseminating power generation resources.

[Cartel1]

So what? All network security administrators have to deal with attempted intrusions on a daily basis to protect the network of organizations that they work for. So I would expect the U.S. government to suck it up and do the same.

What I am hearing though from the conspiracy theorists is that this is just another false flag attack by the U.S. govt, a kind of 9/11 inside job for the net in order to pass Senate bills No. 773 and 778 ? creating the Office of the National Cybersecurity Advisor and giving Obama the power to shut down the internet ? are under consideration. See Rockefeller: Internet is ?Number One National Hazard? and Cybersecurity Bill Gives Obama Dictatorial Power Over Internet.

[Cartel1]

So what? All network security administrators have to deal with attempted intrusions on a daily basis to protect the network of organizations that they work for. So I would expect the U.S. government to suck it up and do the same.

What I am hearing though from the conspiracy theorists is that this is just another false flag attack by the U.S. govt, a kind of 9/11 inside job for the net in order to pass Senate bills No. 773 and 778 ? creating the Office of the National Cybersecurity Advisor and giving Obama the power to shut down the internet ? are under consideration. See Rockefeller: Internet is ?Number One National Hazard? and Cybersecurity Bill Gives Obama Dictatorial Power Over Internet.

Long live the internet.

[rreab]

Just grab some tin foil and make yourself a little hat...you'll be fine

[biffhenerson]

There is NO FREE LUNCH. Someone pays. If the government is involved, then its the poor taxpayer. In the case of Solar and Wind power, they are not yet cost effective. In other words, the equipment costs more to purchase and maintain than the power they will produce in a lifetime.
This is just a simple security problem. It is very hard to get corporations to take security seriously. Its an insurance policy that they dont think that they will ever need. Tough sell.

[Grant_D]

"In the case of Solar and Wind power, they are not yet cost effective. In other words, the equipment costs more to purchase and maintain than the power they will produce in a lifetime. "

Depending on a lot of factors, efficiencies, location etc. the return on investment time for residential solor seems to be somewhere in the neighborhood of 15 years, and many of the warranties extend beyond that period.

[biffhenerson]

Before 15 years are up the technology will be so old and inefficent you will want to replace them all with the latest and greatest anyway. Thus you will never have them in place long enough to see a positive return on the investment.

[lilbruno611]

This is a possible scare tactic and an excuse for the government to take over the internet and try to shut it down and give us a new "better" internet that will be tightly controlled by the people that control the government. They will blame "terrorists" to convince you that the internet needs to go bye bye! When what they really want to do is silence any alternative media that they cannot control. The alternative media that 9 times out of 10 knows the Truth and are reporting the Truth. The Mainstream media (ABC, NBC, CBS, CNN, FOX, WallStreetJournal, USA Today, NYTimes, etc.) is failing, a lot of them are bankrupt or damn near close to being bankrupt and these are all in control by the people behind our government! Wake up! Go to: www.infowars.com for the Truth about who controls the government and what they are trying to do to us Americans with their agendas! Thank you for your time.

[rreab]

Sure, if it's on 'talk radio' or published on the internet, it's gotta be true....

[smittendiva]

It is all here.

thezeitgeistmovement.com

[db001b]

This is not a alternative power issue nor an attempt to take over the internet. This is a National Defense issue that has been ongoing for years. Our entire National Government runs on out dated technology what is a bigger problem is most of our infrstructure is managed by contractors and they all understand the issues at hand. I work in the security industry and I know first hand that solutions are being sought and yes the tax payer will pick up the bill. But I would sleep much better at night knowing the Obama adminstration addresses this issue now and not later. The fact that our government is forced to bail out our financial industry the highest profile will get the money. While we continue to band aide out dated technology that is being breeched on a daily basis.

[tgrenier]

I need more details. What exactly does hacking into the power grid mean. Is it a buffer overflow attack on some unpatched terminal that runs everything. Who let a computer have that much responsibility? Is it some guy on a pole or in a closet with some wire snips and alligator clips? Does Captain Crunch have his whistle working again? This is a technical news outlet. Give us some technical details.

[zmonster]

Exactly! There is no such thing as 'hacking' the power grid. This is the byproduct of the old vestige of neo-conservative war mongers who want to retain power in the US government, and they'll do anything and say anything to force their war agenda. Anyone (who like me) is an experienced software developer understands that systems this large cannot be 'brought down' by a hacking attack, no matter how coordinated it is. The 'hacker' would have to infiltrate literally thousands of independent computer networks, each one relatively secure by all standards.

[brandonh33]

@zmonster, are you serious? The last people that would be spreading this rumor around would be the people with a so called "war agenda". The people most likely behind this if it is a conspiracy would be the Obama administration ect. to promote THEIR personal agenda, though personally I dont even buy that they are behind this. You should really do some research behind the subject before you go out and make a fool of yourself.

Just so you know it is possible to hack our grid because it is so primitive but the details are fairly slim to how they are doing it. We do need a smarter grid, but not when it is being pushed with so many personal agendas. I am looking at you Mr. President.

[Len Bullard]

Anyone here who has been involved with the web since the very early 90s really surprised?

Nope. Warnings were given, were ignored, careers were made and prospered on the bodies of projects trying to avoid this, and now a consultancy ecology that created the problem will claim it is tin-foil hats while trying to land contracts to write the specs to solve it.

Very little change since The Eloquent Peasant was first sung by the shores of Memphis 3000 years ago. Fools will be foolish.

I don't care how much time you spent at Meade. You knew better.

[Azger]

I say let the Russians control the northeastern part of the grid. They are very good at cold weather stuff, so maybe we won't sit in the dark waiting for repairmen for 10 whole stinking days come the next ice storm.

[sparrowhyperion]

This is what we get for being too lazy. In the name of efficiency, we have created a system which is an electronic house of cards. In some cases, held together by the electronic equivalent of spit and string. I personally think we were better off in the 50s and 60s. Back then we didn't have to worry about some hacker in China messing with our electrical grid from the comfort of his own home.

Maybe if people would stop trying to simplify tasks by automating them, the US infrastructure would be more secure. We rely much too heavily on rather touchy equipment and incredibly complex programs for too much of the critical systems our country needs to keep running.

Remember... Simplify, Simplify, Simplify...

[tgrenier]

Yeah for the fifties: Duck and cover!!!

[Neeta-edunetsys]

This is one aspect of systems security which has to be managed well. The vulnerable section or the loophole can result in irreparable damage. Tripping of transmission lines, over drawl of power from system can create havoc.

[renGek]

*shrug*. We do the same to other countries. Espionage is a 2 way street.

[pugster]

I suppose that NSA spent billions on supercomputers so that it can figure the puzzle for soduku.

[zmonster]

Why are any of the educated people that read CNet believing this garbage? We're being told by an ANONYMOUS source that some hackers gained access to the ENTIRE US electric grid and can shut it down at a moment's notice? Are you kidding me with this? Anyone who has any experience with large software systems knows that there are literally hundreds and hundreds of points of control in a grid this large and there's no way even a coordinated effort could do much damage to the system as a whole. It's akin to the ridiculous concept that the "Internet" could be "turned off" by hackers, despite the fact that there are hundreds of thousands of routers, each independent of each other and with independent security, that would have to be compromised all at the same time.

How is it that the neo-conservative war mongers are still able to leak stories into the press to get the suckers to believe that we need to be in a continual state of war?

[willdryden]

There are 7 backbone servers total in the world. If they all go down, so does the web. Yes, you can still get to AOL if you are on AOL, but you can't send someone with a Yahoo or Hotmail account any email. Your access would be limited to your ISP and anything they host.

[spoonie1972]

there are five Independent System Operator (ERCOT, MISO etc) in the US.

if you **** them up, then the generator companies don't know what to make
and the game is over.
hell, **** *one* of them up and the cascade would be enough to knock most places out

[OzBeefer]

I am an IT guy who does some work for power companies, and it AMAZES me how much of their control systems are accessible from the day-to-day admin networks, just to make the realtime data more easily available!!

It's one security security access slip-up away from disaster, they only have themselves to blame I guess; until all our lights go off, then it's OUR problem!

[zmonster]

I'm calling you out on this. I think you're full of b.s. I've worked on multiple, extremely large software systems and absolutely all of them (even the one's that were poorly designed) had sufficient security to avoid mass failure if there were a coordinated hacking attempt. There's no way the entire US electric grid is susceptible to complete system failure due to external hacking. We are talking about hundreds and thousands of control points in 6 major sectors, each sector with thousands of independent access and control points. There's no way to 'infiltrate' the grid. This is a bunch of scare mongering.

[viper396]

Why even connect things like the power grid to the internet? There is absolutely no reason for critical systems like these to even be online. We should not risk national security for lame reasons like utility company employees managing data from the comfort of their home.

[SenorFrog]

Let's do some research and comparisons.
Take a look at: http://www.cisco.com/web/learning/le3/ccie/certified_ccies/worldwide.html

Networking wise, CCIE is one of the top certifications in terms of required knowledge, experience, time to achieve and cost. The top 10 CCIE qualified countries are:

01 USA - 5210 (including Puerto Rico)
02 China - 3555 (Including Hong Kong and Macau)
03 Japan - 1089
04 S. Korea - 1027
05 UK - 966
06 Canada - 786
07 Germany - 623
08 India - 588
09 Australia - 571
10 Russia - 309

America by itself has more qualified CCIEs than China and Russia combined. 7 of the 10 countries are strong allies and throwing in India as at least a good friend and 8 of the top 10 CCIE qualified nations are "the good guys". And I'll bet these levels/ratios of qualification carry over into Microsoft, Oracle, Sun, IBM, etc certifications. So we obviously have the knowledge, skills, abilities and manpower to come up with solutions and secure our pale, vulnerable underbelly. What we need is the will to not let an agent with an A+ qualification and a XBMC take out the entire West Coast during the next heatwave while maintaining the freedoms we expect with regards to the internet.

[ZetaZeta_]

The power grid goes down just fine without the aid of enemies.

[SenorFrog]

True but like comparing deaths from the 9/11 attacks (3000 plus) to automobile deaths in 2001 (over 42000), we prefer to be killed and plunged into darkness by true red-blooded Americans, by gum!