Major attacks on the U.S. power grid system are “increasing,” with hackers stepping up efforts to penetrate critical systems and to implant malicious software that could compromise the power grid and result in a nationwide crisis, according to a government report.
While experts have long signaled that the U.S. power grid and related systems are vulnerable to physical attacks by terrorists and other individuals, the U.S. government is now warning that sensitive computer systems that maintain the grid are increasingly being attacked, according to a Congressional Research Service (CRS) report that was not made public until the Federation of American Scientists (FAS) disclosed it this month.
The report warns that hackers potentially affiliated with terrorist groups or rogue nations have the ability to insert harmful malware into the internal systems governing the U.S. grid, which increasingly are being hooked into the Internet.
These types of computer viruses are able to comb internal systems for private information in a clandestine manner; they can also be used to wrest control of certain computers away from their owners.
“In recent years, new threats have materialized as new vulnerabilities have come to light, and a number of major concerns have emerged about the resilience and security of the nation’s electric power system,” the report says. “In particular, the cyber security of the electricity grid has been a focus of recent efforts to protect the integrity of the electric power system.”
The threat is compounded by the revelation that many power companies are only living up to the “minimum standards” set for cyber security by the U.S. government.
“Although malware intrusions may not have resulted in a significant disruption of grid operations so far, they still have been possible even with mandatory standards in place,” the report states.
Cyber attacks on the U.S. grid and power companies are becoming more prevalent.
“Incidents of reported cyber intrusions and attacks aimed at undermining the U.S. grid appear to be increasing,” according to the report. “While parts of the electric power subsector have mandatory and enforceable cyber and physical security standards, some have argued that minimum, consensus-based standards are not enough to secure the system.”
The report continues: “Further, the electric grid is not isolated from attacks on other critical infrastructure sectors on which it depends (i.e., the natural gas subsector, water, and transportation), and mandatory and enforceable cyber security standards apply to only a few of the critical infrastructure sectors,” the report states.
Experts and government authorities remain concerned about attacks on “critical infrastructure.”
“The increasing frequency of cyber intrusions on industrial control systems of critical infrastructure is a trend of concern to the electric utility industry,” the report warns “The National Security Agency reported that it has seen intrusions into [industrial control] systems by entities with the apparent technical capability ‘to take down control systems that operate U.S. power grids, water systems and other critical infrastructure.’”
The report documents a number of recent attacks on U.S. power grid computer systems.
In October 2014, for instance, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) revealed that “several industrial control systems has been infected” by a virus capable of gathering information about how the grid system functions.
“Hackers are reported to have used the BlackEnergy Trojan horse to deliver plug-in modules used for several purposes, including keylogging, audio recording, and grabbing screenshots,” according to the report. “Researchers looking at the BlackEnergy malware are reported to have identified a plug-in that can destroy hard disks, and believe that the attackers will activate the module once they are discovered in order to hide their presence.”
Another virus named HAVEX has been used to open so-called “back doors” into computer systems.
“The cyberattack leaves the company’s system in what appears to be a normal operating condition, but the attacker now has a backdoor to access and possibly control the company’s” control systems.
These threats, the report warns, are only growing more sophisticated as the industry struggles to combat such attacks.
“The threats facing the grid are evolving, and with each new intrusion or cyber attack, priorities to protect the system can shift,” the report explains. “But that does not mean previous attacks can be considered past issues.”
While nation-states may use such attacks to gather data, experts believe they are less likely to launch an attack due to the prospect of likely retaliation by the United States.
However, terrorists have no such concern, the report says.
“A terrorist or similar organization would likely be undeterred by such a consequence [of potential retaliation], and may use the worm for its own purposes,” according to the report. “Given the potential for damage to the nation’s economy from a major cyberattack on the grid, some might suggest a greater focus on recovery is needed and should become as much a part of a cybersecurity strategy as are efforts to secure the system.”