Computer spies from China, Russia and other countries are tunneling into the U.S. electricity grid with increasing frequency in order to study America's infrastructure, The Wall Street Journal reported Wednesday. An unnamed intelligence official told the newspaper that hackers have left behind software tools that could be turned on during a war in order to damage critical infrastructure systems.
The revelation comes amid growing public sentiment for transforming the U.S. electrical grid into a "smart grid." It would rely upon IT to help utility companies manage peak loads and allow consumers to sell back excess power to the grid during off-peak hours.
An estimated $11 billion from the economic stimulus bill President Barack Obama signed in February is dedicated to enacting standards for the smart grid and funding test cases. Millions of sophisticated "smart meters" have already been installed in homes in cities such as Los Angeles; Austin, Texas; and Boulder, Colo.
Industry insiders expect the federal government to release guidance for the stimulus money as soon as next week. Analysts say a nationwide build-out of the smart grid ultimately could cost trillions of dollars.
Watchdogs caution that the smart grid could be a hacker's paradise because its network of sensors, wireless technology and home-based energy meters would allow multiple entry points into the system. CNN.com reported last month that security services firm IOActive determined a malicious hacker "with $500 of equipment and materials and a background in electronics and software engineering" could simultaneously take command of smart-grid metering infrastructure of thousands or millions of homes and businesses.
Power Industry Aware of Security Deficiencies
A December 2008 report from the U.S. Department of Energy's Electricity Advisory Committee said utilities are increasingly using digital devices in substations to improve protection and increase reliability and control. "However, these remotely accessible and programmable devices can introduce cyber-security concerns," according to the report. While smart-grid technology offers more layers of control, it will require built-in security during the implementation, according to the report.
The North American Electric Reliability Corp. (NERC) has developed Critical Infrastructure Protection standards to address cyber-security issues. But in a letter to its members Tuesday, NERC Chief Security Officer Michael Assante expressed concern that only a third of them had identified "critical assets" and "cyber-critical assets."
"One of the more significant elements of a cyber-threat, contributing to the uniqueness of cyber-risk, is the crosscutting and horizontal nature of networked technology that provides the means for an intelligent cyber-attacker to impact multiple assets at once, and from a distance," Assante wrote.
In February, Obama ordered a 60-day cyber-security review of how well the federal government thwarts cyber-attacks. The findings are due next week.